diff options
| author | delphij <delphij@FreeBSD.org> | 2015-02-18 05:58:40 +0800 |
|---|---|---|
| committer | delphij <delphij@FreeBSD.org> | 2015-02-18 05:58:40 +0800 |
| commit | c8e09b160023fc943f975baa18e11bdf3e6ecda5 (patch) | |
| tree | 67e9305b08579c70d9eb7ba4bf5941416520fe4f /archivers/unzip/files | |
| parent | 67503489829c392c53f791161e56989a372a10e4 (diff) | |
| download | freebsd-ports-gnome-c8e09b160023fc943f975baa18e11bdf3e6ecda5.tar.gz freebsd-ports-gnome-c8e09b160023fc943f975baa18e11bdf3e6ecda5.tar.zst freebsd-ports-gnome-c8e09b160023fc943f975baa18e11bdf3e6ecda5.zip | |
Apply fix for CVE-2015-1315 from Marc Deslauriers
<marc.deslauriers@canonical.com>.
MFH: 2015Q1
Approved by: so
Diffstat (limited to 'archivers/unzip/files')
| -rw-r--r-- | archivers/unzip/files/extra-iconv-patch-unix_unix.c | 18 |
1 files changed, 15 insertions, 3 deletions
diff --git a/archivers/unzip/files/extra-iconv-patch-unix_unix.c b/archivers/unzip/files/extra-iconv-patch-unix_unix.c index e869ca3b0484..152e3e7295b9 100644 --- a/archivers/unzip/files/extra-iconv-patch-unix_unix.c +++ b/archivers/unzip/files/extra-iconv-patch-unix_unix.c @@ -76,15 +76,27 @@ + + slen = strlen(string); + s = string; -+ dlen = buflen = 2*slen; -+ d = buf = malloc(buflen + 1); ++ ++ /* Make sure OUTBUFSIZ + 1 never ends up smaller than FILNAMSIZ ++ * as this function also gets called with G.outbuf in fileio.c ++ */ ++ buflen = FILNAMSIZ; ++ if (OUTBUFSIZ + 1 < FILNAMSIZ) ++ { ++ buflen = OUTBUFSIZ + 1; ++ } ++ ++ d = buf = malloc(buflen); + if(!d) + goto cleanup; ++ + bzero(buf,buflen); ++ dlen = buflen - 1; ++ + if(iconv(cd, &s, &slen, &d, &dlen) == (size_t)-1) + goto cleanup; + strncpy(string, buf, buflen); -+ ++ + cleanup: + free(buf); + iconv_close(cd); |