SHA256
1
0
forked from pool/unzip
unzip/unzip60-total_disks_zero.patch
Martin Pluskal 04e2f23972 Accepting request 619404 from home:kstreitova:branches:Archiving
- Add unzip60-total_disks_zero.patch that fixes a bug when unzip is
  unable to process Windows zip64 archives because Windows
  archivers set total_disks field to 0 but per standard, valid
  values are 1 and higher [bnc#910683]
- Add Fix-CVE-2014-9636-unzip-buffer-overflow.patch to fix heap
  overflow for STORED field data [bnc#914442] [CVE-2014-9636]

- Add unzip60-total_disks_zero.patch that fixes a bug when unzip is
  unable to process Windows zip64 archives because Windows
  archivers set total_disks field to 0 but per standard, valid
  values are 1 and higher [bnc#910683]
- Add Fix-CVE-2014-9636-unzip-buffer-overflow.patch to fix heap
  overflow for STORED field data [bnc#914442] [CVE-2014-9636]

OBS-URL: https://build.opensuse.org/request/show/619404
OBS-URL: https://build.opensuse.org/package/show/Archiving/unzip?expand=0&rev=49
2018-06-27 14:20:07 +00:00

25 lines
1.2 KiB
Diff

Index: unzip60/process.c
===================================================================
--- unzip60.orig/process.c
+++ unzip60/process.c
@@ -1286,7 +1286,8 @@ static int find_ecrec64(__G__ searchlen)
G.ecrec.number_this_disk, ecloc64_total_disks); fflush(stdout);
#endif
if ((G.ecrec.number_this_disk != 0xFFFF) &&
- (G.ecrec.number_this_disk != ecloc64_total_disks - 1)) {
+ (G.ecrec.number_this_disk != ecloc64_total_disks - 1) &&
+ (ecloc64_total_disks != 0)) {
/* Note: For some unknown reason, the developers at PKWARE decided to
store the "zip64 total disks" value as a counter starting from 1,
whereas all other "split/span volume" related fields use 0-based
@@ -1296,6 +1297,9 @@ static int find_ecrec64(__G__ searchlen)
When this is not the case, the found ecrec64 locator cannot be valid.
-> This is not a Zip64 archive.
*/
+ /* There are archive creators that put 0 in total disks when it should
+ be 1. We should handle this. This is done by the added check above.
+ */
Trace((stderr,
"\ninvalid ECLOC64, differing disk# (ECR %u, ECL64 %lu)\n",
G.ecrec.number_this_disk, ecloc64_total_disks - 1));