Fix CVE-2020-18442

Resolves: rhbz#1977964
This commit is contained in:
Jakub Martisko 2021-07-22 16:59:54 +02:00
parent 634bd2d780
commit 57e73671d3
2 changed files with 227 additions and 1 deletions

218
CVE-2020-18442.patch Normal file
View File

@ -0,0 +1,218 @@
From ac9ae39ef419e9f0f83da1e583314d8c7cda34a6 Mon Sep 17 00:00:00 2001
From: Guido Draheim <guidod@gmx.de>
Date: Mon, 4 Jan 2021 21:48:45 +0100
Subject: [PATCH 1/7] #68 ssize_t return value of zzip_file_read is a signed
value being possibly -1
---
bins/unzzipcat-zip.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bins/unzzipcat-zip.c b/bins/unzzipcat-zip.c
index dd78c2b..385aeaf 100644
--- a/bins/unzzipcat-zip.c
+++ b/bins/unzzipcat-zip.c
@@ -34,7 +34,7 @@ static void unzzip_cat_file(ZZIP_DIR* disk, char* name, FILE* out)
if (file)
{
char buffer[1024]; int len;
- while ((len = zzip_file_read (file, buffer, 1024)))
+ while (0 < (len = zzip_file_read (file, buffer, 1024)))
{
fwrite (buffer, 1, len, out);
}
--
2.32.0
From 7e786544084548da7fcfcd9090d3c4e7f5777f7e Mon Sep 17 00:00:00 2001
From: Guido Draheim <guidod@gmx.de>
Date: Mon, 4 Jan 2021 21:50:26 +0100
Subject: [PATCH 2/7] #68 return value of zzip_mem_disk_fread is signed
---
bins/unzip-mem.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/bins/unzip-mem.c b/bins/unzip-mem.c
index cc009f8..50eb5a6 100644
--- a/bins/unzip-mem.c
+++ b/bins/unzip-mem.c
@@ -81,7 +81,7 @@ static void zzip_mem_entry_pipe(ZZIP_MEM_DISK* disk,
if (file)
{
char buffer[1024]; int len;
- while ((len = zzip_mem_disk_fread (buffer, 1024, 1, file)))
+ while (0 < (len = zzip_mem_disk_fread (buffer, 1024, 1, file)))
fwrite (buffer, len, 1, out);
zzip_mem_disk_fclose (file);
@@ -115,7 +115,7 @@ static void zzip_mem_entry_test(ZZIP_MEM_DISK* disk,
{
unsigned long crc = crc32 (0L, NULL, 0);
unsigned char buffer[1024]; int len;
- while ((len = zzip_mem_disk_fread (buffer, 1024, 1, file))) {
+ while (0 < (len = zzip_mem_disk_fread (buffer, 1024, 1, file))) {
crc = crc32 (crc, buffer, len);
}
--
2.32.0
From d453977f59ca59c61bf59dec28dd724498828f2a Mon Sep 17 00:00:00 2001
From: Guido Draheim <guidod@gmx.de>
Date: Mon, 4 Jan 2021 21:51:12 +0100
Subject: [PATCH 3/7] #68 return value of zzip_entry_fread is signed
---
bins/unzzipcat-big.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/bins/unzzipcat-big.c b/bins/unzzipcat-big.c
index 111ef47..ecebe11 100644
--- a/bins/unzzipcat-big.c
+++ b/bins/unzzipcat-big.c
@@ -26,7 +26,7 @@ static void unzzip_big_entry_fprint(ZZIP_ENTRY* entry, FILE* out)
if (file)
{
char buffer[1024]; int len;
- while ((len = zzip_entry_fread (buffer, 1024, 1, file)))
+ while (0 < (len = zzip_entry_fread (buffer, 1024, 1, file)))
{
DBG2("entry read %i", len);
fwrite (buffer, len, 1, out);
@@ -45,7 +45,7 @@ static void unzzip_cat_file(FILE* disk, char* name, FILE* out)
if (file)
{
char buffer[1024]; int len;
- while ((len = zzip_entry_fread (buffer, 1024, 1, file)))
+ while (0 < (len = zzip_entry_fread (buffer, 1024, 1, file)))
fwrite (buffer, len, 1, out);
zzip_entry_fclose (file);
--
2.32.0
From 0a9db9ded9d15fbdb63bf5cf451920d0a368c00e Mon Sep 17 00:00:00 2001
From: Guido Draheim <guidod@gmx.de>
Date: Mon, 4 Jan 2021 21:51:56 +0100
Subject: [PATCH 4/7] #68 return value of zzip_mem_disk_fread is signed
---
bins/unzzipcat-mem.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/bins/unzzipcat-mem.c b/bins/unzzipcat-mem.c
index 6bd79b7..1b5bc22 100644
--- a/bins/unzzipcat-mem.c
+++ b/bins/unzzipcat-mem.c
@@ -35,7 +35,7 @@ static void unzzip_mem_entry_fprint(ZZIP_MEM_DISK* disk,
if (file)
{
char buffer[1024]; int len;
- while ((len = zzip_mem_disk_fread (buffer, 1024, 1, file)))
+ while (0 < (len = zzip_mem_disk_fread (buffer, 1024, 1, file)))
fwrite (buffer, len, 1, out);
zzip_mem_disk_fclose (file);
@@ -48,7 +48,7 @@ static void unzzip_mem_disk_cat_file(ZZIP_MEM_DISK* disk, char* name, FILE* out)
if (file)
{
char buffer[1025]; int len;
- while ((len = zzip_mem_disk_fread (buffer, 1, 1024, file)))
+ while (0 < (len = zzip_mem_disk_fread (buffer, 1, 1024, file)))
{
fwrite (buffer, 1, len, out);
}
--
2.32.0
From a34a96fbda1e58fbec5c79f4c0b5063e031ce11d Mon Sep 17 00:00:00 2001
From: Guido Draheim <guidod@gmx.de>
Date: Mon, 4 Jan 2021 21:52:47 +0100
Subject: [PATCH 5/7] #68 return value of zzip_fread is signed
---
bins/unzzipcat-mix.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bins/unzzipcat-mix.c b/bins/unzzipcat-mix.c
index e18987d..8f3d0b8 100644
--- a/bins/unzzipcat-mix.c
+++ b/bins/unzzipcat-mix.c
@@ -34,7 +34,7 @@ static void unzzip_cat_file(ZZIP_DIR* disk, char* name, FILE* out)
if (file)
{
char buffer[1024]; int len;
- while ((len = zzip_fread (buffer, 1, 1024, file)))
+ while (0 < (len = zzip_fread (buffer, 1, 1024, file)))
{
fwrite (buffer, 1, len, out);
}
--
2.32.0
From fa1f78abe1b08544061204019016809664f2618c Mon Sep 17 00:00:00 2001
From: Guido Draheim <guidod@gmx.de>
Date: Mon, 4 Jan 2021 21:53:50 +0100
Subject: [PATCH 6/7] #68 return value of zzip_entry_fread is signed
---
bins/unzzipshow.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/bins/unzzipshow.c b/bins/unzzipshow.c
index 9d8c2ed..5672d3b 100644
--- a/bins/unzzipshow.c
+++ b/bins/unzzipshow.c
@@ -22,7 +22,7 @@ static void zzip_entry_fprint(ZZIP_ENTRY* entry, FILE* out)
if (file)
{
char buffer[1024]; int len;
- while ((len = zzip_entry_fread (buffer, 1024, 1, file)))
+ while (0 < (len = zzip_entry_fread (buffer, 1024, 1, file)))
fwrite (buffer, len, 1, out);
zzip_entry_fclose (file);
@@ -35,7 +35,7 @@ static void zzip_cat_file(FILE* disk, char* name, FILE* out)
if (file)
{
char buffer[1024]; int len;
- while ((len = zzip_entry_fread (buffer, 1024, 1, file)))
+ while (0 < (len = zzip_entry_fread (buffer, 1024, 1, file)))
fwrite (buffer, len, 1, out);
zzip_entry_fclose (file);
--
2.32.0
From f7a6fa9f0c29aecb4c2299568ed2e6094c34aca7 Mon Sep 17 00:00:00 2001
From: Guido Draheim <guidod@gmx.de>
Date: Mon, 4 Jan 2021 21:55:08 +0100
Subject: [PATCH 7/7] #68 return value of posix read(2) is signed
---
bins/zzipmake-zip.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bins/zzipmake-zip.c b/bins/zzipmake-zip.c
index 8e09c31..b37877c 100644
--- a/bins/zzipmake-zip.c
+++ b/bins/zzipmake-zip.c
@@ -57,7 +57,7 @@ int rezzip_make (int argc, char ** argv)
continue;
}
- while ((n = read (input, buf, 16)))
+ while (0 < (n = read (input, buf, 16)))
{
zzip_write (output, buf, n);
}
--
2.32.0

View File

@ -1,10 +1,12 @@
Summary: Lightweight library to easily extract data from zip files
Name: zziplib
Version: 0.13.71
Release: 4%{?dist}
Release: 6%{?dist}
License: LGPLv2+ or MPLv1.1
URL: http://zziplib.sourceforge.net/
Source: https://github.com/gdraheim/zziplib/archive/v%{version}.tar.gz
Patch1: CVE-2020-18442.patch
Patch100: multilib-32.patch
Patch101: multilib-64.patch
@ -60,6 +62,7 @@ zziplib library.
%prep
%setup -q
%patch1 -p1
%build
@ -108,6 +111,11 @@ popd
%{_mandir}/man3/*
%changelog
* Thu Jul 22 2021 Jakub Martisko <jamartis@redhat.com> - 0.13.71-6
- Fix CVE-2020-18442
Resolves: CVE-2020-18442
Resolves: 1977964
* Thu Jul 22 2021 Jakub Martisko <jamartis@redhat.com> - 0.13.71-5
- Refresh the multilib patch
Resolves: rhbz#1915747