aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches/zziplib-CVE-2017-5974.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/zziplib-CVE-2017-5974.patch')
-rw-r--r--gnu/packages/patches/zziplib-CVE-2017-5974.patch28
1 files changed, 28 insertions, 0 deletions
diff --git a/gnu/packages/patches/zziplib-CVE-2017-5974.patch b/gnu/packages/patches/zziplib-CVE-2017-5974.patch
new file mode 100644
index 0000000000..9ae02103e7
--- /dev/null
+++ b/gnu/packages/patches/zziplib-CVE-2017-5974.patch
@@ -0,0 +1,28 @@
+Fix CVE-2017-5974:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5974
+
+Patch copied from Debian.
+
+Index: zziplib-0.13.62/zzip/memdisk.c
+===================================================================
+--- zziplib-0.13.62.orig/zzip/memdisk.c
++++ zziplib-0.13.62/zzip/memdisk.c
+@@ -216,12 +216,12 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI
+ /* override sizes/offsets with zip64 values for largefile support */
+ zzip_extra_zip64 *block = (zzip_extra_zip64 *)
+ zzip_mem_entry_extra_block(item, ZZIP_EXTRA_zip64);
+- if (block)
++ if (block && ZZIP_GET16(block->z_datasize) >= (8 + 8 + 8 + 4))
+ {
+- item->zz_usize = __zzip_get64(block->z_usize);
+- item->zz_csize = __zzip_get64(block->z_csize);
+- item->zz_offset = __zzip_get64(block->z_offset);
+- item->zz_diskstart = __zzip_get32(block->z_diskstart);
++ item->zz_usize = ZZIP_GET64(block->z_usize);
++ item->zz_csize = ZZIP_GET64(block->z_csize);
++ item->zz_offset = ZZIP_GET64(block->z_offset);
++ item->zz_diskstart = ZZIP_GET32(block->z_diskstart);
+ }
+ }
+ /* NOTE: