guix/gnu/packages/patches/unzip-CVE-2014-9636.patch
Mark H Weaver 48e4a9f32f gnu: unzip: Add various fixes.
* gnu/packages/patches/unzip-increase-size-of-cfactorstr.patch: Delete
  file.  Replace with ...
* gnu/packages/patches/unzip-overflow-long-fsize.patch: ... this new file.
* gnu/packages/patches/unzip-attribs-overflow.patch,
  gnu/packages/patches/unzip-fix-overflows-and-infloop.patch,
  gnu/packages/patches/unzip-format-secure.patch: New files.
* gnu/packages/patches/unzip-CVE-2014-9636.patch: Replace contents with
  fixed patch from Fedora.
* gnu-system.am (dist_patch_DATA): Adjust accordingly.
* gnu/packages/zip.scm (unzip)[source]: Adjust list of patches.
2015-10-08 10:07:44 -04:00

29 lines
1.1 KiB
Diff

Copied from Fedora.
http://pkgs.fedoraproject.org/cgit/unzip.git/plain/unzip-6.0-overflow.patch?id=d18f821e
diff --git a/extract.c b/extract.c
index a0a4929..9ef80b3 100644
--- a/extract.c
+++ b/extract.c
@@ -2214,6 +2214,7 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata)
ulg eb_ucsize;
uch *eb_ucptr;
int r;
+ ush method;
if (compr_offset < 4) /* field is not compressed: */
return PK_OK; /* do nothing and signal OK */
@@ -2223,6 +2224,12 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata)
eb_size <= (compr_offset + EB_CMPRHEADLEN)))
return IZ_EF_TRUNC; /* no compressed data! */
+ method = makeword(eb + (EB_HEADSIZE + compr_offset));
+ if ((method == STORED) && (eb_size != compr_offset + EB_CMPRHEADLEN + eb_ucsize))
+ return PK_ERR; /* compressed & uncompressed
+ * should match in STORED
+ * method */
+
if (
#ifdef INT_16BIT
(((ulg)(extent)eb_ucsize) != eb_ucsize) ||