aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches/zziplib-CVE-2017-5978.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/zziplib-CVE-2017-5978.patch')
-rw-r--r--gnu/packages/patches/zziplib-CVE-2017-5978.patch37
1 files changed, 37 insertions, 0 deletions
diff --git a/gnu/packages/patches/zziplib-CVE-2017-5978.patch b/gnu/packages/patches/zziplib-CVE-2017-5978.patch
new file mode 100644
index 0000000000..452b14f804
--- /dev/null
+++ b/gnu/packages/patches/zziplib-CVE-2017-5978.patch
@@ -0,0 +1,37 @@
+Fix CVE-2017-5978:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5978
+
+Patch copied from Debian.
+
+Index: zziplib-0.13.62/zzip/memdisk.c
+===================================================================
+--- zziplib-0.13.62.orig/zzip/memdisk.c
++++ zziplib-0.13.62/zzip/memdisk.c
+@@ -180,7 +180,7 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI
+ * that exists in the other, ... but we will prefer the disk entry.
+ */
+ item->zz_comment = zzip_disk_entry_strdup_comment(disk, entry);
+- item->zz_name = zzip_disk_entry_strdup_name(disk, entry);
++ item->zz_name = zzip_disk_entry_strdup_name(disk, entry) ?: strdup("");
+ item->zz_data = zzip_file_header_to_data(header);
+ item->zz_flags = zzip_disk_entry_get_flags(entry);
+ item->zz_compr = zzip_disk_entry_get_compr(entry);
+@@ -197,7 +197,7 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI
+ int /* */ ext2 = zzip_file_header_get_extras(header);
+ char *_zzip_restrict ptr2 = zzip_file_header_to_extras(header);
+
+- if (ext1)
++ if (ext1 && ((ptr1 + ext1) < disk->endbuf))
+ {
+ void *mem = malloc(ext1 + 2);
+ item->zz_ext[1] = mem;
+@@ -206,7 +206,7 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI
+ ((char *) (mem))[ext1 + 0] = 0;
+ ((char *) (mem))[ext1 + 1] = 0;
+ }
+- if (ext2)
++ if (ext2 && ((ptr2 + ext2) < disk->endbuf))
+ {
+ void *mem = malloc(ext2 + 2);
+ item->zz_ext[2] = mem;