forked from pool/unzip
d7c16d7fbb
- Fix CVE-2022-0530, SIGSEGV during the conversion of an utf-8 string to a local string (CVE-2022-0530, bsc#1196177) * CVE-2022-0530.patch - Fix CVE-2022-0529, Heap out-of-bound writes and reads during conversion of wide string to local string (CVE-2022-0529, bsc#1196180) * CVE-2022-0529.patch OBS-URL: https://build.opensuse.org/request/show/1005199 OBS-URL: https://build.opensuse.org/package/show/Archiving/unzip?expand=0&rev=58
29 lines
898 B
Diff
29 lines
898 B
Diff
From: Enrico Zini <enrico@debian.org>
|
|
Subject: Fix null pointer dereference on invalid UTF-8 input
|
|
Bug-Debian: https://bugs.debian.org/1010355
|
|
X-Debian-version: 6.0-27
|
|
|
|
--- a/fileio.c
|
|
+++ b/fileio.c
|
|
@@ -2361,6 +2361,9 @@
|
|
/* convert UTF-8 to local character set */
|
|
fn = utf8_to_local_string(G.unipath_filename,
|
|
G.unicode_escape_all);
|
|
+ if (fn == NULL)
|
|
+ return PK_ERR;
|
|
+
|
|
/* make sure filename is short enough */
|
|
if (strlen(fn) >= FILNAMSIZ) {
|
|
fn[FILNAMSIZ - 1] = '\0';
|
|
--- a/process.c
|
|
+++ b/process.c
|
|
@@ -2611,6 +2611,8 @@
|
|
int escape_all;
|
|
{
|
|
zwchar *wide = utf8_to_wide_string(utf8_string);
|
|
+ if (wide == NULL)
|
|
+ return NULL;
|
|
char *loc = wide_to_local_string(wide, escape_all);
|
|
free(wide);
|
|
return loc;
|