Apply fix for CVE-2015-1315 from Marc Deslauriers

<marc.deslauriers@canonical.com>.

MFH:		2015Q1
Approved by:	so

2 files changed, 16 insertions, 4 deletions

diff --git a/archivers/unzip/Makefile b/archivers/unzip/Makefile
index 6bd21e4f373d..d05f1dd6e316 100644
--- a/archivers/unzip/Makefile
+++ b/archivers/unzip/Makefile
@@ -3,7 +3,7 @@
 
 PORTNAME=	unzip
 PORTVERSION=	6.0
-PORTREVISION=	4
+PORTREVISION=	5
 CATEGORIES=	archivers
 MASTER_SITES=	SF/infozip/UnZip%206.x%20%28latest%29/UnZip%20${PORTVERSION}/:main \
 		SF/infozip/UnZip%205.x%20and%20earlier/5.51/:unreduce
diff --git a/archivers/unzip/files/extra-iconv-patch-unix_unix.c b/archivers/unzip/files/extra-iconv-patch-unix_unix.c
index e869ca3b0484..152e3e7295b9 100644
--- a/archivers/unzip/files/extra-iconv-patch-unix_unix.c
+++ b/archivers/unzip/files/extra-iconv-patch-unix_unix.c
@@ -76,15 +76,27 @@
 +
 +    slen = strlen(string);
 +    s = string;
-+    dlen = buflen = 2*slen;
-+    d = buf = malloc(buflen + 1);
++
++    /*  Make sure OUTBUFSIZ + 1 never ends up smaller than FILNAMSIZ
++     *  as this function also gets called with G.outbuf in fileio.c
++     */
++    buflen = FILNAMSIZ;
++    if (OUTBUFSIZ + 1 < FILNAMSIZ)
++    {
++        buflen = OUTBUFSIZ + 1;
++    }
++
++    d = buf = malloc(buflen);
 +    if(!d)
 +    	goto cleanup;
++
 +    bzero(buf,buflen);
++    dlen = buflen - 1;
++
 +    if(iconv(cd, &s, &slen, &d, &dlen) == (size_t)-1)
 +    	goto cleanup;
 +    strncpy(string, buf, buflen);
-+    
++
 +    cleanup:
 +    free(buf);
 +    iconv_close(cd);