gnu/packages/patches/unzip-COVSCAN-fix-unterminated-string.patch

   1 From 06d1b08aef94984256cad3c5a54cedb10295681f Mon Sep 17 00:00:00 2001
   2 From: Jakub Martisko <jamartis@redhat.com>
   3 Date: Thu, 8 Nov 2018 09:31:18 +0100
   4 Subject: [PATCH] Possible unterminated string fix
   5
   6 ---
   7  unix/unix.c   |  4 +++-
   8  unix/unxcfg.h |  2 +-
   9  unzip.c       | 12 ++++++++----
  10  zipinfo.c     | 12 ++++++++----
  11  4 files changed, 20 insertions(+), 10 deletions(-)
  12
  13 diff --git a/unix/unix.c b/unix/unix.c
  14 index 59b622d..cd57f80 100644
  15 --- a/unix/unix.c
  16 +++ b/unix/unix.c
  17 @@ -1945,7 +1945,9 @@ void init_conversion_charsets()
  18         for(i = 0; i < sizeof(dos_charset_map)/sizeof(CHARSET_MAP); i++)
  19                 if(!strcasecmp(local_charset, dos_charset_map[i].local_charset)) {
  20                         strncpy(OEM_CP, dos_charset_map[i].archive_charset,
  21 -                                       sizeof(OEM_CP));
  22 +                                       MAX_CP_NAME - 1);
  23 +
  24 +                       OEM_CP[MAX_CP_NAME - 1] = '\0';
  25                         break;
  26                 }
  27      }
  28 diff --git a/unix/unxcfg.h b/unix/unxcfg.h
  29 index 8729de2..9ee8cfe 100644
  30 --- a/unix/unxcfg.h
  31 +++ b/unix/unxcfg.h
  32 @@ -228,7 +228,7 @@ typedef struct stat z_stat;
  33  /*    and notfirstcall are used by do_wild().                          */
  34
  35
  36 -#define MAX_CP_NAME 25
  37 +#define MAX_CP_NAME 25 + 1
  38
  39  #ifdef SETLOCALE
  40  #  undef SETLOCALE
  41 diff --git a/unzip.c b/unzip.c
  42 index 2d94a38..a485f2b 100644
  43 --- a/unzip.c
  44 +++ b/unzip.c
  45 @@ -1561,7 +1561,8 @@ int uz_opts(__G__ pargc, pargv)
  46                                           "error:  a valid character encoding should follow the -I argument"));
  47                                 return(PK_PARAM);
  48                                                 }
  49 -                                               strncpy(ISO_CP, s, sizeof(ISO_CP));
  50 +                                               strncpy(ISO_CP, s, MAX_CP_NAME - 1);
  51 +                ISO_CP[MAX_CP_NAME - 1] = '\0';
  52                                         } else { /* -I charset */
  53                                                 ++argv;
  54                                                 if(!(--argc > 0 && *argv != NULL && **argv != '-')) {
  55 @@ -1570,7 +1571,8 @@ int uz_opts(__G__ pargc, pargv)
  56                                 return(PK_PARAM);
  57                                                 }
  58                                                 s = *argv;
  59 -                                               strncpy(ISO_CP, s, sizeof(ISO_CP));
  60 +                                               strncpy(ISO_CP, s, MAX_CP_NAME - 1);
  61 +                ISO_CP[MAX_CP_NAME - 1] = '\0';
  62                                         }
  63                                         while(*(++s)); /* No params straight after charset name */
  64                                 }
  65 @@ -1665,7 +1667,8 @@ int uz_opts(__G__ pargc, pargv)
  66                                           "error:  a valid character encoding should follow the -I argument"));
  67                                 return(PK_PARAM);
  68                                                 }
  69 -                                               strncpy(OEM_CP, s, sizeof(OEM_CP));
  70 +                                               strncpy(OEM_CP, s, MAX_CP_NAME - 1);
  71 +                OEM_CP[MAX_CP_NAME - 1] = '\0';
  72                                         } else { /* -O charset */
  73                                                 ++argv;
  74                                                 if(!(--argc > 0 && *argv != NULL && **argv != '-')) {
  75 @@ -1674,7 +1677,8 @@ int uz_opts(__G__ pargc, pargv)
  76                                 return(PK_PARAM);
  77                                                 }
  78                                                 s = *argv;
  79 -                                               strncpy(OEM_CP, s, sizeof(OEM_CP));
  80 +                                               strncpy(OEM_CP, s, MAX_CP_NAME - 1);
  81 +                OEM_CP[MAX_CP_NAME - 1] = '\0';
  82                                         }
  83                                         while(*(++s)); /* No params straight after charset name */
  84                                 }
  85 diff --git a/zipinfo.c b/zipinfo.c
  86 index accca2a..cb7e08d 100644
  87 --- a/zipinfo.c
  88 +++ b/zipinfo.c
  89 @@ -519,7 +519,8 @@ int zi_opts(__G__ pargc, pargv)
  90                                           "error:  a valid character encoding should follow the -I argument"));
  91                                 return(PK_PARAM);
  92                                                 }
  93 -                                               strncpy(ISO_CP, s, sizeof(ISO_CP));
  94 +                                               strncpy(ISO_CP, s, MAX_CP_NAME - 1);
  95 +                ISO_CP[MAX_CP_NAME - 1] = '\0';
  96                                         } else { /* -I charset */
  97                                                 ++argv;
  98                                                 if(!(--argc > 0 && *argv != NULL && **argv != '-')) {
  99 @@ -528,7 +529,8 @@ int zi_opts(__G__ pargc, pargv)
 100                                 return(PK_PARAM);
 101                                                 }
 102                                                 s = *argv;
 103 -                                               strncpy(ISO_CP, s, sizeof(ISO_CP));
 104 +                                               strncpy(ISO_CP, s, MAX_CP_NAME - 1);
 105 +                ISO_CP[MAX_CP_NAME - 1] = '\0';
 106                                         }
 107                                         while(*(++s)); /* No params straight after charset name */
 108                                 }
 109 @@ -568,7 +570,8 @@ int zi_opts(__G__ pargc, pargv)
 110                                           "error:  a valid character encoding should follow the -I argument"));
 111                                 return(PK_PARAM);
 112                                                 }
 113 -                                               strncpy(OEM_CP, s, sizeof(OEM_CP));
 114 +                                               strncpy(OEM_CP, s, MAX_CP_NAME - 1);
 115 +                OEM_CP[MAX_CP_NAME - 1] = '\0';
 116                                         } else { /* -O charset */
 117                                                 ++argv;
 118                                                 if(!(--argc > 0 && *argv != NULL && **argv != '-')) {
 119 @@ -577,7 +580,8 @@ int zi_opts(__G__ pargc, pargv)
 120                                 return(PK_PARAM);
 121                                                 }
 122                                                 s = *argv;
 123 -                                               strncpy(OEM_CP, s, sizeof(OEM_CP));
 124 +                                               strncpy(OEM_CP, s, MAX_CP_NAME - 1);
 125 +                OEM_CP[MAX_CP_NAME - 1] = '\0';
 126                                         }
 127                                         while(*(++s)); /* No params straight after charset name */
 128                                 }
 129 --
 130 2.14.5
 131