Fix: CVE-2018-18384

Resolves: CVE-2018-18384
2018-11-08 12:14:17 +01:00 · 2018-11-08 12:14:17 +01:00 · 84dde35223
commit 84dde35223
parent 0bbb61c4e2
2 changed files with 42 additions and 1 deletions
--- a/unzip-6.0-cve-2018-18384.patch
+++ b/unzip-6.0-cve-2018-18384.patch
@ -0,0 +1,35 @@
+--- unzip60/list.c	
+++ unzip60/list.c	
+@@ -97,7 +97,7 @@ int list_files(__G)    /* return PK-type
+ {
+     int do_this_file=FALSE, cfactor, error, error_in_archive=PK_COOL;
+ #ifndef WINDLL
+-    char sgn, cfactorstr[13];
+    char sgn, cfactorstr[1+10+1+1];	/* <sgn><int>%NUL */
+     int longhdr=(uO.vflag>1);
+ #endif
+     int date_format;
+@@ -389,9 +389,9 @@ int list_files(__G)    /* return PK-type
+             }
+ #else /* !WINDLL */
+             if (cfactor == 100)
+-                sprintf(cfactorstr, LoadFarString(CompFactor100));
+                snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactor100));
+             else
+-                sprintf(cfactorstr, LoadFarString(CompFactorStr), sgn, cfactor);
+                snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactorStr), sgn, cfactor);
+             if (longhdr)
+                 Info(slide, 0, ((char *)slide, LoadFarString(LongHdrStats),
+                   FmZofft(G.crec.ucsize, "8", "u"), methbuf,
+@@ -471,9 +471,9 @@ int list_files(__G)    /* return PK-type
+ 
+ #else /* !WINDLL */
+         if (cfactor == 100)
+-            sprintf(cfactorstr, LoadFarString(CompFactor100));
+            snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactor100));
+         else
+-            sprintf(cfactorstr, LoadFarString(CompFactorStr), sgn, cfactor);
+            snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactorStr), sgn, cfactor);
+         if (longhdr) {
+             Info(slide, 0, ((char *)slide, LoadFarString(LongFileTrailer),
+               FmZofft(tot_ucsize, "8", "u"), FmZofft(tot_csize, "8", "u"),
--- a/unzip.spec
+++ b/unzip.spec
@ -7,7 +7,7 @@
 Summary: A utility for unpacking zip files
 Name: unzip
 Version: 6.0
-Release: 40%{?dist}
+Release: 41%{?dist}
 License: BSD
 Group: Applications/Archiving
 Source: http://downloads.sourceforge.net/infozip/unzip60.tar.gz
@ -59,6 +59,7 @@ Patch22: unzip-6.0-timestamp.patch

 # fix possible heap based stack overflow in passwd protected files
 Patch23: unzip-6.0-cve-2018-1000035-heap-based-overflow.patch
+Patch24: unzip-6.0-cve-2018-18384.patch


 URL: http://www.info-zip.org/UnZip.html
@ -100,6 +101,7 @@ a zip archive.
 %patch21 -p1 -b .cve-2016-9844
 %patch22 -p1 -b .timestamp
 %patch23 -p1 -b .cve-2018-1000035
+%patch24 -p1 -b .cve-2018-18384

 %build
 # IZ_HAVE_UXUIDGID is needed for right functionality of unzip -X
@ -119,6 +121,10 @@ make -f unix/Makefile prefix=$RPM_BUILD_ROOT%{_prefix} MANDIR=$RPM_BUILD_ROOT/%{
 %{_mandir}/*/*

 %changelog
+* Thu Nov 08 2018 Jakub Martisko <jamartis@redhat.com> - 6.0-41
+- Fix CVE-2018-18384
+  Resolves: CVE-2018-18384
+
 * Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 6.0-40
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild