diff options
| author | Mark H Weaver <mhw@netris.org> | 2015-10-22 14:54:43 -0400 |
|---|---|---|
| committer | Mark H Weaver <mhw@netris.org> | 2015-10-23 23:12:06 -0400 |
| commit | 51de92a08e11b11ac9e5bbb2938be2ad0de02d80 (patch) | |
| tree | 6203b6bfb46a4fc9541d3f9922ba5c59c295115d /gnu/packages/patches/unzip-overflow-on-invalid-input.patch | |
| parent | d3365d486636b36c95ce17deefbc169f3d4f0e9a (diff) | |
| download | gnu-guix-51de92a08e11b11ac9e5bbb2938be2ad0de02d80.tar gnu-guix-51de92a08e11b11ac9e5bbb2938be2ad0de02d80.tar.gz | |
gnu: unzip: Reorganize security fixes for improved clarity.
* gnu/packages/patches/unzip-fix-overflows-and-infloop.patch: Delete
file. Its contents are now split into the following new files:
* gnu/packages/patches/unzip-CVE-2015-7696.patch,
gnu/packages/patches/unzip-CVE-2015-7697.patch,
gnu/packages/patches/unzip-overflow-on-invalid-input.patch: New files.
* gnu-system.am (dist_patch_DATA): Adjust accordingly.
* gnu/packages/zip.scm (unzip)[source]: Adjust patches accordingly.
Diffstat (limited to 'gnu/packages/patches/unzip-overflow-on-invalid-input.patch')
| -rw-r--r-- | gnu/packages/patches/unzip-overflow-on-invalid-input.patch | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/gnu/packages/patches/unzip-overflow-on-invalid-input.patch b/gnu/packages/patches/unzip-overflow-on-invalid-input.patch new file mode 100644 index 0000000000..013002a88c --- /dev/null +++ b/gnu/packages/patches/unzip-overflow-on-invalid-input.patch @@ -0,0 +1,40 @@ +Extracted from a patch in Fedora. + +http://pkgs.fedoraproject.org/cgit/unzip.git/tree/unzip-6.0-heap-overflow-infloop.patch?id=d18f821e + +From bd150334fb4084f5555a6be26b015a0671cb5b74 Mon Sep 17 00:00:00 2001 +From: Kamil Dudka <kdudka@redhat.com> +Date: Tue, 22 Sep 2015 18:52:23 +0200 +Subject: [PATCH 3/3] extract: prevent unsigned overflow on invalid input + +Suggested-by: Stefan Cornelius +--- + extract.c | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +diff --git a/extract.c b/extract.c +index 29db027..b9ae667 100644 +--- a/extract.c ++++ b/extract.c +@@ -1257,8 +1257,17 @@ static int extract_or_test_entrylist(__G__ numchunk, + if (G.lrec.compression_method == STORED) { + zusz_t csiz_decrypted = G.lrec.csize; + +- if (G.pInfo->encrypted) ++ if (G.pInfo->encrypted) { ++ if (csiz_decrypted <= 12) { ++ /* handle the error now to prevent unsigned overflow */ ++ Info(slide, 0x401, ((char *)slide, ++ LoadFarStringSmall(ErrUnzipNoFile), ++ LoadFarString(InvalidComprData), ++ LoadFarStringSmall2(Inflate))); ++ return PK_ERR; ++ } + csiz_decrypted -= 12; ++ } + if (G.lrec.ucsize != csiz_decrypted) { + Info(slide, 0x401, ((char *)slide, + LoadFarStringSmall2(WrnStorUCSizCSizDiff), +-- +2.5.2 + |