gnu/packages/patches/unzip-overflow-on-invalid-input.patch

   1 Extracted from a patch in Fedora.
   2
   3 http://pkgs.fedoraproject.org/cgit/unzip.git/tree/unzip-6.0-heap-overflow-infloop.patch?id=d18f821e
   4
   5 From bd150334fb4084f5555a6be26b015a0671cb5b74 Mon Sep 17 00:00:00 2001
   6 From: Kamil Dudka <kdudka@redhat.com>
   7 Date: Tue, 22 Sep 2015 18:52:23 +0200
   8 Subject: [PATCH 3/3] extract: prevent unsigned overflow on invalid input
   9
  10 Suggested-by: Stefan Cornelius
  11 ---
  12  extract.c | 11 ++++++++++-
  13  1 file changed, 10 insertions(+), 1 deletion(-)
  14
  15 diff --git a/extract.c b/extract.c
  16 index 29db027..b9ae667 100644
  17 --- a/extract.c
  18 +++ b/extract.c
  19 @@ -1257,8 +1257,17 @@ static int extract_or_test_entrylist(__G__ numchunk,
  20          if (G.lrec.compression_method == STORED) {
  21              zusz_t csiz_decrypted = G.lrec.csize;
  22
  23 -            if (G.pInfo->encrypted)
  24 +            if (G.pInfo->encrypted) {
  25 +                if (csiz_decrypted <= 12) {
  26 +                    /* handle the error now to prevent unsigned overflow */
  27 +                    Info(slide, 0x401, ((char *)slide,
  28 +                      LoadFarStringSmall(ErrUnzipNoFile),
  29 +                      LoadFarString(InvalidComprData),
  30 +                      LoadFarStringSmall2(Inflate)));
  31 +                    return PK_ERR;
  32 +                }
  33                  csiz_decrypted -= 12;
  34 +            }
  35              if (G.lrec.ucsize != csiz_decrypted) {
  36                  Info(slide, 0x401, ((char *)slide,
  37                    LoadFarStringSmall2(WrnStorUCSizCSizDiff),
  38 --
  39 2.5.2
  40