aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches/zziplib-CVE-2017-5976.patch
diff options
context:
space:
mode:
authorMark H Weaver <mhw@netris.org>2017-06-18 02:36:51 -0400
committerMark H Weaver <mhw@netris.org>2017-06-18 02:36:51 -0400
commit9d4385634d098cc0fb35bfe58179f7d855352e39 (patch)
tree653cfd7a6faecaf42129b1aa47703e7bd01bc471 /gnu/packages/patches/zziplib-CVE-2017-5976.patch
parenta6aff3528c32cc921bddd78b254678a1fc121f21 (diff)
parent96fd87c96bd6987a967575aaa931c5a7b1c84e21 (diff)
downloadgnu-guix-9d4385634d098cc0fb35bfe58179f7d855352e39.tar
gnu-guix-9d4385634d098cc0fb35bfe58179f7d855352e39.tar.gz
Merge branch 'master' into core-updates
Diffstat (limited to 'gnu/packages/patches/zziplib-CVE-2017-5976.patch')
-rw-r--r--gnu/packages/patches/zziplib-CVE-2017-5976.patch61
1 files changed, 61 insertions, 0 deletions
diff --git a/gnu/packages/patches/zziplib-CVE-2017-5976.patch b/gnu/packages/patches/zziplib-CVE-2017-5976.patch
new file mode 100644
index 0000000000..17fc30e302
--- /dev/null
+++ b/gnu/packages/patches/zziplib-CVE-2017-5976.patch
@@ -0,0 +1,61 @@
+Fix CVE-2017-5976:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5976
+
+Patch copied from Debian.
+
+Index: zziplib-0.13.62/zzip/memdisk.c
+===================================================================
+--- zziplib-0.13.62.orig/zzip/memdisk.c
++++ zziplib-0.13.62/zzip/memdisk.c
+@@ -201,6 +201,7 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI
+ {
+ void *mem = malloc(ext1 + 2);
+ item->zz_ext[1] = mem;
++ item->zz_extlen[1] = ext1 + 2;
+ memcpy(mem, ptr1, ext1);
+ ((char *) (mem))[ext1 + 0] = 0;
+ ((char *) (mem))[ext1 + 1] = 0;
+@@ -209,6 +210,7 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI
+ {
+ void *mem = malloc(ext2 + 2);
+ item->zz_ext[2] = mem;
++ item->zz_extlen[2] = ext2 + 2;
+ memcpy(mem, ptr2, ext2);
+ ((char *) (mem))[ext2 + 0] = 0;
+ ((char *) (mem))[ext2 + 1] = 0;
+@@ -245,8 +247,10 @@ zzip_mem_entry_extra_block(ZZIP_MEM_ENTR
+ while (1)
+ {
+ ZZIP_EXTRA_BLOCK *ext = entry->zz_ext[i];
+- if (ext)
++ if (ext && (entry->zz_extlen[i] >= zzip_extra_block_headerlength))
+ {
++ char *endblock = (char *)ext + entry->zz_extlen[i];
++
+ while (*(short *) (ext->z_datatype))
+ {
+ if (datatype == zzip_extra_block_get_datatype(ext))
+@@ -257,6 +261,10 @@ zzip_mem_entry_extra_block(ZZIP_MEM_ENTR
+ e += zzip_extra_block_headerlength;
+ e += zzip_extra_block_get_datasize(ext);
+ ext = (void *) e;
++ if (e >= endblock)
++ {
++ break;
++ }
+ ____;
+ }
+ }
+Index: zziplib-0.13.62/zzip/memdisk.h
+===================================================================
+--- zziplib-0.13.62.orig/zzip/memdisk.h
++++ zziplib-0.13.62/zzip/memdisk.h
+@@ -66,6 +66,7 @@ struct _zzip_mem_entry {
+ int zz_filetype; /* (from "z_filetype") */
+ char* zz_comment; /* zero-terminated (from "comment") */
+ ZZIP_EXTRA_BLOCK* zz_ext[3]; /* terminated by null in z_datatype */
++ int zz_extlen[3]; /* length of zz_ext[i] in bytes */
+ }; /* the extra blocks are NOT converted */
+
+ #define _zzip_mem_disk_findfirst(_d_) ((_d_)->list)