rpms/unzip
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix CVE-2016-9844 - buffer overflow in zipinfo

Browse Source 
Resolves: #1404283
This commit is contained in:
Petr Stodulka 2016-12-14 16:59:00 +01:00
parent 45bcfca8da
commit ee4e72f3fc
2 changed files with 46 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
0001-Fix-CVE-2016-9844-rhbz-1404283.patch Normal file
View File

@ -0,0 +1,39 @@
From 754137e70cf58a64ad524b704a86b651ba0cde07 Mon Sep 17 00:00:00 2001
From: Petr Stodulka <pstodulk@redhat.com>
Date: Wed, 14 Dec 2016 16:30:36 +0100
Subject: [PATCH] Fix CVE-2016-9844 (rhbz#1404283)
Fixes buffer overflow in zipinfo in similar way like fix for
CVE-2014-9913 provided by upstream.
---
zipinfo.c | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/zipinfo.c b/zipinfo.c
index c03620e..accca2a 100644
--- a/zipinfo.c
+++ b/zipinfo.c
@@ -1984,7 +1984,19 @@ static int zi_short(__G) /* return PK-type error code */
ush dnum=(ush)((G.crec.general_purpose_bit_flag>>1) & 3);
methbuf[3] = dtype[dnum];
} else if (methnum >= NUM_METHODS) { /* unknown */
- sprintf(&methbuf[1], "%03u", G.crec.compression_method);
+ /* 2016-12-05 SMS.
+ * https://launchpad.net/bugs/1643750
+ * Unexpectedly large compression methods overflow
+ * &methbuf[]. Use the old, three-digit decimal format
+ * for values which fit. Otherwise, sacrifice the "u",
+ * and use four-digit hexadecimal.
+ */
+ if (G.crec.compression_method <= 999) {
+ sprintf( &methbuf[ 1], "%03u", G.crec.compression_method);
+ } else {
+ sprintf( &methbuf[ 0], "%04X", G.crec.compression_method);
+ }
+
}
for (k = 0; k < 15; ++k)
--
2.5.5

9
unzip.spec
View File

@ -7,7 +7,7 @@
Summary: A utility for unpacking zip files Summary: A utility for unpacking zip files
Name: unzip Name: unzip
Version: 6.0 Version: 6.0
Release: 30%{?dist} Release: 31%{?dist}
License: BSD License: BSD
Group: Applications/Archiving Group: Applications/Archiving
Source: http://downloads.sourceforge.net/infozip/unzip60.tar.gz Source: http://downloads.sourceforge.net/infozip/unzip60.tar.gz
@ -49,6 +49,7 @@ Patch18: unzip-6.0-heap-overflow-infloop.patch
# support non-{latin,unicode} encoding # support non-{latin,unicode} encoding
Patch19: unzip-6.0-alt-iconv-utf8.patch Patch19: unzip-6.0-alt-iconv-utf8.patch
Patch20: unzip-6.0-alt-iconv-utf8-print.patch Patch20: unzip-6.0-alt-iconv-utf8-print.patch
Patch21: 0001-Fix-CVE-2016-9844-rhbz-1404283.patch
URL: http://www.info-zip.org/UnZip.html URL: http://www.info-zip.org/UnZip.html
BuildRequires: bzip2-devel BuildRequires: bzip2-devel
@ -86,7 +87,7 @@ a zip archive.
%patch18 -p1 -b .heap-overflow-infloop %patch18 -p1 -b .heap-overflow-infloop
%patch19 -p1 -b .utf %patch19 -p1 -b .utf
%patch20 -p1 -b .utf-print %patch20 -p1 -b .utf-print
%patch21 -p1 -b .cve-2016-9844
%build %build
# IZ_HAVE_UXUIDGID is needed for right functionality of unzip -X # IZ_HAVE_UXUIDGID is needed for right functionality of unzip -X
@ -106,6 +107,10 @@ make -f unix/Makefile prefix=$RPM_BUILD_ROOT%{_prefix} MANDIR=$RPM_BUILD_ROOT/%{
%{_mandir}/*/* %{_mandir}/*/*
%changelog %changelog
* Wed Dec 14 2016 Petr Stodulka <pstodulk@redhat.com> - 6.0-31
- Fix CVE-2016-9844 - buffer overflow in zipinfo
Resolves: #1404283
* Thu Jul 14 2016 Petr Stodulka <pstodulk@redhat.com> - 6.0-30 * Thu Jul 14 2016 Petr Stodulka <pstodulk@redhat.com> - 6.0-30
- rename patch unzip-6.0-nostrip.patch to unzip-6.0-configure.patch - rename patch unzip-6.0-nostrip.patch to unzip-6.0-configure.patch
so linking is now configurable from the spec file so linking is now configurable from the spec file