38 lines
1.5 KiB
Diff
38 lines
1.5 KiB
Diff
Fix CVE-2017-5978:
|
|
|
|
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5978
|
|
|
|
Patch copied from Debian.
|
|
|
|
Index: zziplib-0.13.62/zzip/memdisk.c
|
|
===================================================================
|
|
--- zziplib-0.13.62.orig/zzip/memdisk.c
|
|
+++ zziplib-0.13.62/zzip/memdisk.c
|
|
@@ -180,7 +180,7 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI
|
|
* that exists in the other, ... but we will prefer the disk entry.
|
|
*/
|
|
item->zz_comment = zzip_disk_entry_strdup_comment(disk, entry);
|
|
- item->zz_name = zzip_disk_entry_strdup_name(disk, entry);
|
|
+ item->zz_name = zzip_disk_entry_strdup_name(disk, entry) ?: strdup("");
|
|
item->zz_data = zzip_file_header_to_data(header);
|
|
item->zz_flags = zzip_disk_entry_get_flags(entry);
|
|
item->zz_compr = zzip_disk_entry_get_compr(entry);
|
|
@@ -197,7 +197,7 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI
|
|
int /* */ ext2 = zzip_file_header_get_extras(header);
|
|
char *_zzip_restrict ptr2 = zzip_file_header_to_extras(header);
|
|
|
|
- if (ext1)
|
|
+ if (ext1 && ((ptr1 + ext1) < disk->endbuf))
|
|
{
|
|
void *mem = malloc(ext1 + 2);
|
|
item->zz_ext[1] = mem;
|
|
@@ -206,7 +206,7 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI
|
|
((char *) (mem))[ext1 + 0] = 0;
|
|
((char *) (mem))[ext1 + 1] = 0;
|
|
}
|
|
- if (ext2)
|
|
+ if (ext2 && ((ptr2 + ext2) < disk->endbuf))
|
|
{
|
|
void *mem = malloc(ext2 + 2);
|
|
item->zz_ext[2] = mem;
|