rpms/unzip
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix: CVE-2018-18384

Browse Source 
Resolves: CVE-2018-18384
This commit is contained in:
Jakub Martisko 2018-11-08 12:14:17 +01:00
parent 0bbb61c4e2
commit 84dde35223
2 changed files with 42 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
unzip-6.0-cve-2018-18384.patch Normal file
View File

@ -0,0 +1,35 @@
--- unzip60/list.c
+++ unzip60/list.c
@@ -97,7 +97,7 @@ int list_files(__G) /* return PK-type
{
int do_this_file=FALSE, cfactor, error, error_in_archive=PK_COOL;
#ifndef WINDLL
- char sgn, cfactorstr[13];
+ char sgn, cfactorstr[1+10+1+1]; /* <sgn><int>%NUL */
int longhdr=(uO.vflag>1);
#endif
int date_format;
@@ -389,9 +389,9 @@ int list_files(__G) /* return PK-type
}
#else /* !WINDLL */
if (cfactor == 100)
- sprintf(cfactorstr, LoadFarString(CompFactor100));
+ snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactor100));
else
- sprintf(cfactorstr, LoadFarString(CompFactorStr), sgn, cfactor);
+ snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactorStr), sgn, cfactor);
if (longhdr)
Info(slide, 0, ((char *)slide, LoadFarString(LongHdrStats),
FmZofft(G.crec.ucsize, "8", "u"), methbuf,
@@ -471,9 +471,9 @@ int list_files(__G) /* return PK-type
#else /* !WINDLL */
if (cfactor == 100)
- sprintf(cfactorstr, LoadFarString(CompFactor100));
+ snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactor100));
else
- sprintf(cfactorstr, LoadFarString(CompFactorStr), sgn, cfactor);
+ snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactorStr), sgn, cfactor);
if (longhdr) {
Info(slide, 0, ((char *)slide, LoadFarString(LongFileTrailer),
FmZofft(tot_ucsize, "8", "u"), FmZofft(tot_csize, "8", "u"),

8
unzip.spec
View File

@ -7,7 +7,7 @@
Summary: A utility for unpacking zip files Summary: A utility for unpacking zip files
Name: unzip Name: unzip
Version: 6.0 Version: 6.0
Release: 40%{?dist} Release: 41%{?dist}
License: BSD License: BSD
Group: Applications/Archiving Group: Applications/Archiving
Source: http://downloads.sourceforge.net/infozip/unzip60.tar.gz Source: http://downloads.sourceforge.net/infozip/unzip60.tar.gz
@ -59,6 +59,7 @@ Patch22: unzip-6.0-timestamp.patch
# fix possible heap based stack overflow in passwd protected files # fix possible heap based stack overflow in passwd protected files
Patch23: unzip-6.0-cve-2018-1000035-heap-based-overflow.patch Patch23: unzip-6.0-cve-2018-1000035-heap-based-overflow.patch
Patch24: unzip-6.0-cve-2018-18384.patch
URL: http://www.info-zip.org/UnZip.html URL: http://www.info-zip.org/UnZip.html
@ -100,6 +101,7 @@ a zip archive.
%patch21 -p1 -b .cve-2016-9844 %patch21 -p1 -b .cve-2016-9844
%patch22 -p1 -b .timestamp %patch22 -p1 -b .timestamp
%patch23 -p1 -b .cve-2018-1000035 %patch23 -p1 -b .cve-2018-1000035
%patch24 -p1 -b .cve-2018-18384
%build %build
# IZ_HAVE_UXUIDGID is needed for right functionality of unzip -X # IZ_HAVE_UXUIDGID is needed for right functionality of unzip -X
@ -119,6 +121,10 @@ make -f unix/Makefile prefix=$RPM_BUILD_ROOT%{_prefix} MANDIR=$RPM_BUILD_ROOT/%{
%{_mandir}/*/* %{_mandir}/*/*
%changelog %changelog
* Thu Nov 08 2018 Jakub Martisko <jamartis@redhat.com> - 6.0-41
- Fix CVE-2018-18384
Resolves: CVE-2018-18384
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 6.0-40 * Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 6.0-40
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild