diff options
| author | ehaupt <ehaupt@FreeBSD.org> | 2015-01-16 17:11:35 +0800 |
|---|---|---|
| committer | ehaupt <ehaupt@FreeBSD.org> | 2015-01-16 17:11:35 +0800 |
| commit | 078df515a00bca8723b80d3e79d338be162ea1fb (patch) | |
| tree | 97b0aa1d7cc4ef46e742f0f0d51a1ee4afa6a834 /archivers/unzip/files | |
| parent | 52a432e98f6871c3aa9b5782dcc6c4c0121ffd95 (diff) | |
| download | freebsd-ports-gnome-078df515a00bca8723b80d3e79d338be162ea1fb.tar.gz freebsd-ports-gnome-078df515a00bca8723b80d3e79d338be162ea1fb.tar.zst freebsd-ports-gnome-078df515a00bca8723b80d3e79d338be162ea1fb.zip | |
Add patch to fix multiple vulnerabilities.
Obtained from: debian
Security: d9360908-9d52-11e4-87fd-10bf48e1088e (VuXML)
Diffstat (limited to 'archivers/unzip/files')
| -rw-r--r-- | archivers/unzip/files/patch-extract.c | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/archivers/unzip/files/patch-extract.c b/archivers/unzip/files/patch-extract.c new file mode 100644 index 000000000000..7b9645e85a5f --- /dev/null +++ b/archivers/unzip/files/patch-extract.c @@ -0,0 +1,66 @@ +--- extract.c.orig 2015-01-16 10:05:03.994866726 +0100 ++++ extract.c 2015-01-16 09:57:31.606898193 +0100 +@@ -1,5 +1,5 @@ + /* +- Copyright (c) 1990-2009 Info-ZIP. All rights reserved. ++ Copyright (c) 1990-2014 Info-ZIP. All rights reserved. + + See the accompanying file LICENSE, version 2009-Jan-02 or later + (the contents of which are also included in unzip.h) for terms of use. +@@ -298,6 +298,8 @@ + #ifndef SFX + static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \ + EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n"; ++ static ZCONST char Far TooSmallEFlength[] = "bad extra-field entry:\n \ ++ EF block length (%u bytes) invalid (< %d)\n"; + static ZCONST char Far InvalidComprDataEAs[] = + " invalid compressed data for EAs\n"; + # if (defined(WIN32) && defined(NTSD_EAS)) +@@ -2023,7 +2025,8 @@ + ebID = makeword(ef); + ebLen = (unsigned)makeword(ef+EB_LEN); + +- if (ebLen > (ef_len - EB_HEADSIZE)) { ++ if (ebLen > (ef_len - EB_HEADSIZE)) ++ { + /* Discovered some extra field inconsistency! */ + if (uO.qflag) + Info(slide, 1, ((char *)slide, "%-22s ", +@@ -2032,6 +2035,16 @@ + ebLen, (ef_len - EB_HEADSIZE))); + return PK_ERR; + } ++ else if (ebLen < EB_HEADSIZE) ++ { ++ /* Extra block length smaller than header length. */ ++ if (uO.qflag) ++ Info(slide, 1, ((char *)slide, "%-22s ", ++ FnFilter1(G.filename))); ++ Info(slide, 1, ((char *)slide, LoadFarString(TooSmallEFlength), ++ ebLen, EB_HEADSIZE)); ++ return PK_ERR; ++ } + + switch (ebID) { + case EF_OS2: +@@ -2221,10 +2234,17 @@ + if (compr_offset < 4) /* field is not compressed: */ + return PK_OK; /* do nothing and signal OK */ + ++ /* Return no/bad-data error status if any problem is found: ++ * 1. eb_size is too small to hold the uncompressed size ++ * (eb_ucsize). (Else extract eb_ucsize.) ++ * 2. eb_ucsize is zero (invalid). 2014-12-04 SMS. ++ * 3. eb_ucsize is positive, but eb_size is too small to hold ++ * the compressed data header. ++ */ + if ((eb_size < (EB_UCSIZE_P + 4)) || +- ((eb_ucsize = makelong(eb+(EB_HEADSIZE+EB_UCSIZE_P))) > 0L && +- eb_size <= (compr_offset + EB_CMPRHEADLEN))) +- return IZ_EF_TRUNC; /* no compressed data! */ ++ ((eb_ucsize = makelong( eb+ (EB_HEADSIZE+ EB_UCSIZE_P))) == 0L) || ++ ((eb_ucsize > 0L) && (eb_size <= (compr_offset + EB_CMPRHEADLEN)))) ++ return IZ_EF_TRUNC; /* no/bad compressed data! */ + + if ( + #ifdef INT_16BIT |