Resolves: #1260944 - prevent unsigned overflow on invalid input

Kamil Dudka 2015-09-23 12:41:59 +02:00
parent dbce0b0774
commit d18f821e5f
2 changed files with 43 additions and 3 deletions


@ -1,7 +1,7 @@
From bdd4a0cecd745cb4825e4508b5bdf2579731086a Mon Sep 17 00:00:00 2001 From bdd4a0cecd745cb4825e4508b5bdf2579731086a Mon Sep 17 00:00:00 2001
From: Petr Stodulka <pstodulk@redhat.com> From: Petr Stodulka <pstodulk@redhat.com>
Date: Mon, 14 Sep 2015 18:23:17 +0200 Date: Mon, 14 Sep 2015 18:23:17 +0200
Subject: [PATCH 1/2] upstream fix for heap overflow Subject: [PATCH 1/3] upstream fix for heap overflow
https://bugzilla.redhat.com/attachment.cgi?id=1073002 https://bugzilla.redhat.com/attachment.cgi?id=1073002
--- ---
@ -38,7 +38,7 @@ index 784e411..a8975f2 100644
From 4b48844661ff9569f2ecf582a387d46a5775b5d8 Mon Sep 17 00:00:00 2001 From 4b48844661ff9569f2ecf582a387d46a5775b5d8 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com> From: Kamil Dudka <kdudka@redhat.com>
Date: Mon, 14 Sep 2015 18:24:56 +0200 Date: Mon, 14 Sep 2015 18:24:56 +0200
Subject: [PATCH 2/2] fix infinite loop when extracting empty bzip2 data Subject: [PATCH 2/3] fix infinite loop when extracting empty bzip2 data
Bug: https://sourceforge.net/p/infozip/patches/23/ Bug: https://sourceforge.net/p/infozip/patches/23/
--- ---
@ -65,3 +65,40 @@ index 7134bfe..29db027 100644
-- --
2.4.6 2.4.6
From bd150334fb4084f5555a6be26b015a0671cb5b74 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Tue, 22 Sep 2015 18:52:23 +0200
Subject: [PATCH 3/3] extract: prevent unsigned overflow on invalid input
Suggested-by: Stefan Cornelius
---
extract.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/extract.c b/extract.c
index 29db027..b9ae667 100644
--- a/extract.c
+++ b/extract.c
@@ -1257,8 +1257,17 @@ static int extract_or_test_entrylist(__G__ numchunk,
if (G.lrec.compression_method == STORED) {
zusz_t csiz_decrypted = G.lrec.csize;
- if (G.pInfo->encrypted)
+ if (G.pInfo->encrypted) {
+ if (csiz_decrypted <= 12) {
+ /* handle the error now to prevent unsigned overflow */
+ Info(slide, 0x401, ((char *)slide,
+ LoadFarStringSmall(ErrUnzipNoFile),
+ LoadFarString(InvalidComprData),
+ LoadFarStringSmall2(Inflate)));
+ return PK_ERR;
+ }
csiz_decrypted -= 12;
+ }
if (G.lrec.ucsize != csiz_decrypted) {
Info(slide, 0x401, ((char *)slide,
LoadFarStringSmall2(WrnStorUCSizCSizDiff),
--
2.5.2
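Review bot: The guard `if (csiz_decrypted <= 12) {` added in the PATCH 3/3 hunk of extract.c is one value stricter than the overflow it prevents, since at exactly 12 the following `csiz_decrypted -= 12;` yields 0 and cannot wrap. An encrypted stored entry with an empty payload would presumably have a compressed size of exactly 12 and would now be rejected as invalid; if such entries are legal, `if (csiz_decrypted < 12) {` keeps the protection without refusing them. The error path also passes `LoadFarStringSmall2(Inflate)` although this branch handles `STORED` entries, so the diagnostic probably names the wrong method. The body of extract_or_test_entrylist starts and ends outside the hunk, so it is worth confirming that `return PK_ERR;` here is meant to end processing of the remaining entries rather than skip only this one.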


@ -1,7 +1,7 @@
Summary: A utility for unpacking zip files Summary: A utility for unpacking zip files
Name: unzip Name: unzip
Version: 6.0 Version: 6.0
Release: 23%{?dist} Release: 24%{?dist}
License: BSD License: BSD
Group: Applications/Archiving Group: Applications/Archiving
Source: http://downloads.sourceforge.net/infozip/unzip60.tar.gz Source: http://downloads.sourceforge.net/infozip/unzip60.tar.gz
@ -90,6 +90,9 @@ make -f unix/Makefile prefix=$RPM_BUILD_ROOT%{_prefix} MANDIR=$RPM_BUILD_ROOT/%{
%{_mandir}/*/* %{_mandir}/*/*
%changelog %changelog
* Wed Sep 23 2015 Kamil Dudka <kdudka@redhat.com> - 6.0-24
- prevent unsigned overflow on invalid input (#1260944)
* Mon Sep 14 2015 Kamil Dudka <kdudka@redhat.com> - 6.0-23 * Mon Sep 14 2015 Kamil Dudka <kdudka@redhat.com> - 6.0-23
- Fix heap overflow and infinite loop when invalid input is given (#1260947) - Fix heap overflow and infinite loop when invalid input is given (#1260947)