- security fix CVE-2014-9636 (#1184986)

This commit is contained in:
Petr Stodulka 2015-01-26 09:28:07 +01:00
parent 0cc72ee6f2
commit 9e783e27d0
2 changed files with 30 additions and 0 deletions

25
unzip-6.0-overflow.patch Normal file
View File

@ -0,0 +1,25 @@
diff --git a/extract.c b/extract.c
index a0a4929..9ef80b3 100644
--- a/extract.c
+++ b/extract.c
@@ -2214,6 +2214,7 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata)
ulg eb_ucsize;
uch *eb_ucptr;
int r;
+ ush method;
if (compr_offset < 4) /* field is not compressed: */
return PK_OK; /* do nothing and signal OK */
@@ -2223,6 +2224,12 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata)
eb_size <= (compr_offset + EB_CMPRHEADLEN)))
return IZ_EF_TRUNC; /* no compressed data! */
+ method = makeword(eb + (EB_HEADSIZE + compr_offset));
+ if ((method == STORED) && (eb_size - compr_offset != eb_ucsize))
+ return PK_ERR; /* compressed & uncompressed
+ * should match in STORED
+ * method */
+
if (
#ifdef INT_16BIT
(((ulg)(extent)eb_ucsize) != eb_ucsize) ||

View File

@ -31,6 +31,7 @@ Patch9: unzip-6.0-caseinsensitive.patch
Patch10: unzip-6.0-format-secure.patch
Patch11: unzip-6.0-valgrind.patch
Patch12: unzip-6.0-x-option.patch
Patch13: unzip-6.0-overflow.patch
URL: http://www.info-zip.org/UnZip.html
BuildRequires: bzip2-devel
@ -59,6 +60,7 @@ a zip archive.
%patch10 -p1 -b .format-secure
%patch11 -p1 -b .valgrind
%patch12 -p1 -b .x-option
%patch13 -p1 -b .overflow
%build
# IZ_HAVE_UXUIDGID is needed for right functionality of unzip -X
@ -77,6 +79,9 @@ make -f unix/Makefile prefix=$RPM_BUILD_ROOT%{_prefix} MANDIR=$RPM_BUILD_ROOT/%{
%{_mandir}/*/*
%changelog
* Tue Jan 26 2015 Petr Stodulka <pstodulk@redhat.com> - 6.0-18
- Fix security bug - CVE-2014-9636
* Thu Nov 21 2014 Petr Stodulka <pstodulk@redhat.com> - 6.0-17
- Fix unitialized reads (#558738)
- Fix fix broken -X option - never worked before. Added -DIZ_HAVE_UXUIDGID