fixed reading of unitialized input (valgrind) and -X works now

This commit is contained in:
Petr Stodulka 2014-11-21 16:36:05 +01:00
parent 23ebc162f6
commit 228318ce86
3 changed files with 70 additions and 3 deletions

26
unzip-6.0-valgrind.patch Normal file
View File

@ -0,0 +1,26 @@
diff --git a/fileio.c b/fileio.c
index ba0a1d0..03fc4be 100644
--- a/fileio.c
+++ b/fileio.c
@@ -2006,6 +2006,7 @@ int do_string(__G__ length, option) /* return PK-type error code */
unsigned comment_bytes_left;
unsigned int block_len;
int error=PK_OK;
+ unsigned int length2;
#ifdef AMIGA
char tmp_fnote[2 * AMIGA_FILENOTELEN]; /* extra room for squozen chars */
#endif
@@ -2292,8 +2293,12 @@ int do_string(__G__ length, option) /* return PK-type error code */
seek_zipf(__G__ G.cur_zipfile_bufstart - G.extra_bytes +
(G.inptr-G.inbuf) + length);
} else {
- if (readbuf(__G__ (char *)G.extra_field, length) == 0)
+ if ((length2 = readbuf(__G__ (char *)G.extra_field, length)) == 0)
return PK_EOF;
+ if(length2 < length) {
+ memset (__G__ (char *)G.extra_field+length2, 0 , length-length2);
+ length = length2;
+ }
/* Looks like here is where extra fields are read */
getZip64Data(__G__ G.extra_field, length);
#ifdef UNICODE_SUPPORT

28
unzip-6.0-x-option.patch Normal file
View File

@ -0,0 +1,28 @@
--- ./process.c.orig 2009-03-06 02:25:10.000000000 +0100
+++ ./process.c 2013-09-12 10:51:16.000000000 +0200
@@ -2895,9 +2895,9 @@
*/
#ifdef IZ_HAVE_UXUIDGID
- if (eb_len >= EB_UX3_MINLEN
- && z_uidgid != NULL
- && (*((EB_HEADSIZE + 0) + ef_buf) == 1)
+ if ((eb_len >= EB_UX3_MINLEN)
+ && (z_uidgid != NULL)
+ && ((*((EB_HEADSIZE + 0) + ef_buf) == 1)))
/* only know about version 1 */
{
uch uid_size;
@@ -2909,10 +2909,10 @@
flags &= ~0x0ff; /* ignore any previous UNIX field */
if ( read_ux3_value((EB_HEADSIZE + 2) + ef_buf,
- uid_size, z_uidgid[0])
+ uid_size, &z_uidgid[0])
&&
read_ux3_value((EB_HEADSIZE + uid_size + 3) + ef_buf,
- gid_size, z_uidgid[1]) )
+ gid_size, &z_uidgid[1]) )
{
flags |= EB_UX2_VALID; /* signal success */
}

View File

@ -1,7 +1,7 @@
Summary: A utility for unpacking zip files Summary: A utility for unpacking zip files
Name: unzip Name: unzip
Version: 6.0 Version: 6.0
Release: 16%{?dist} Release: 17%{?dist}
License: BSD License: BSD
Group: Applications/Archiving Group: Applications/Archiving
Source: http://downloads.sourceforge.net/infozip/unzip60.tar.gz Source: http://downloads.sourceforge.net/infozip/unzip60.tar.gz
@ -29,6 +29,8 @@ Patch9: unzip-6.0-caseinsensitive.patch
# downstream fix for "-Werror=format-security" # downstream fix for "-Werror=format-security"
# upstream doesn't want hear about this option again # upstream doesn't want hear about this option again
Patch10: unzip-6.0-format-secure.patch Patch10: unzip-6.0-format-secure.patch
Patch11: unzip-6.0-valgrind.patch
Patch12: unzip-6.0-x-option.patch
URL: http://www.info-zip.org/UnZip.html URL: http://www.info-zip.org/UnZip.html
BuildRequires: bzip2-devel BuildRequires: bzip2-devel
@ -55,9 +57,14 @@ a zip archive.
%patch8 -p1 -b .symlink %patch8 -p1 -b .symlink
%patch9 -p1 -b .caseinsensitive %patch9 -p1 -b .caseinsensitive
%patch10 -p1 -b .format-secure %patch10 -p1 -b .format-secure
%patch11 -p1 -b .valgrind
%patch12 -p1 -b .x-option
%build %build
make -f unix/Makefile CF_NOOPT="-I. -DUNIX $RPM_OPT_FLAGS -DNOMEMCPY" generic_gcc %{?_smp_mflags} # IZ_HAVE_UXUIDGID is needed for right functionality of unzip -X
# NOMEMCPY solve problem with memory overlapping - decomression is slowly,
# but successfull.
make -f unix/Makefile CF_NOOPT="-I. -DUNIX $RPM_OPT_FLAGS -DNOMEMCPY -DIZ_HAVE_UXUIDGID" generic_gcc %{?_smp_mflags}
%install %install
rm -rf $RPM_BUILD_ROOT rm -rf $RPM_BUILD_ROOT
@ -70,7 +77,13 @@ make -f unix/Makefile prefix=$RPM_BUILD_ROOT%{_prefix} MANDIR=$RPM_BUILD_ROOT/%{
%{_mandir}/*/* %{_mandir}/*/*
%changelog %changelog
* Thu Nov 06 2014 Petr Stodulka <pstodulk@redhat.com> - 6.0-15 * Thu Nov 21 2014 Petr Stodulka <pstodulk@redhat.com> - 6.0-17
- Fix unitialized reads (#558738)
- Fix fix broken -X option - never worked before. Added -DIZ_HAVE_UXUIDGID
option for compilation.
(#935202)
* Thu Nov 06 2014 Petr Stodulka <pstodulk@redhat.com> - 6.0-16
- Fix producing of incorrect output due to memcpy overlapping - Fix producing of incorrect output due to memcpy overlapping
by added option -D NOMEMCPY to compile section. by added option -D NOMEMCPY to compile section.
(#1153388) (#1153388)