29 lines
1018 B
Diff
29 lines
1018 B
Diff
|
From a803559fa9194be895422ba3684cf6309b6bb598 Mon Sep 17 00:00:00 2001
|
||
|
|
From: Guido Draheim <guidod@gmx.de>
|
||
|
|
Date: Thu, 1 Feb 2018 12:27:49 +0100
|
||
|
|
Subject: [PATCH] merge CVE-2018-6381.patch from @jmoellers #12
|
||
|
|
|
||
|
|
---
|
||
|
|
zzip/memdisk.c | 8 ++++++++
|
||
|
|
1 file changed, 8 insertions(+)
|
||
|
|
|
||
|
|
diff --git a/zzip/memdisk.c b/zzip/memdisk.c
|
||
|
|
index cab883b..a85dab0 100644
|
||
|
|
--- a/zzip/memdisk.c
|
||
|
|
+++ b/zzip/memdisk.c
|
||
|
|
@@ -210,6 +210,14 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZIP_DISK_ENTRY * entry)
|
||
|
|
item->zz_diskstart = zzip_disk_entry_get_diskstart(entry);
|
||
|
|
item->zz_filetype = zzip_disk_entry_get_filetype(entry);
|
||
|
|
|
||
|
|
+ /*
|
||
|
|
+ * If the file is uncompressed, zz_csize and zz_usize should be the same
|
||
|
|
+ * If they are not, we cannot guarantee that either is correct, so ...
|
||
|
|
+ */
|
||
|
|
+ if (item->zz_compr == ZZIP_IS_STORED && item->zz_csize != item->zz_usize)
|
||
|
|
+ {
|
||
|
|
+ goto error;
|
||
|
|
+ }
|
||
|
|
/* zz_comment and zz_name are empty strings if not present on disk */
|
||
|
|
if (! item->zz_comment || ! item->zz_name)
|
||
|
|
{
|