aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches/zziplib-CVE-2017-5981.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/zziplib-CVE-2017-5981.patch')
-rw-r--r--gnu/packages/patches/zziplib-CVE-2017-5981.patch19
1 files changed, 19 insertions, 0 deletions
diff --git a/gnu/packages/patches/zziplib-CVE-2017-5981.patch b/gnu/packages/patches/zziplib-CVE-2017-5981.patch
new file mode 100644
index 0000000000..ed82cb3b91
--- /dev/null
+++ b/gnu/packages/patches/zziplib-CVE-2017-5981.patch
@@ -0,0 +1,19 @@
+Fix CVE-2017-5981:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5981
+
+Patch copied from Debian.
+Index: zziplib-0.13.62/zzip/fseeko.c
+===================================================================
+--- zziplib-0.13.62.orig/zzip/fseeko.c
++++ zziplib-0.13.62/zzip/fseeko.c
+@@ -311,7 +311,8 @@ zzip_entry_findfirst(FILE * disk)
+ } else
+ continue;
+
+- assert(0 <= root && root < mapsize);
++ if (root < 0 || root >= mapsize)
++ goto error;
+ if (fseeko(disk, root, SEEK_SET) == -1)
+ goto error;
+ if (fread(disk_(entry), 1, sizeof(*disk_(entry)), disk)