Add: the patch which should have been part of the 0.13.69-2 commit

2019-01-24 16:06:43 +01:00 · 2019-01-24 16:06:43 +01:00 · 779eaf6adc
commit 779eaf6adc
parent ff7beb94fb
2 changed files with 64 additions and 5 deletions
--- a/CVE-2018-17828.part2.patch
+++ b/CVE-2018-17828.part2.patch
@ -0,0 +1,55 @@
+diff --git a/bins/unzip-mem.c b/bins/unzip-mem.c
+index c45cb72..ff564a5 100644
+--- a/bins/unzip-mem.c
+++ b/bins/unzip-mem.c
+@@ -88,10 +88,49 @@ static void zzip_mem_entry_pipe(ZZIP_MEM_DISK* disk,
+     }
+ }
+ 
+static inline void
+remove_dotdotslash(char *path)
+{
+    /* Note: removing "../" from the path ALWAYS shortens the path, never adds to it! */
+    char *dotdotslash;
+    int warned = 0;
+
+    dotdotslash = path;
+    while ((dotdotslash = strstr(dotdotslash, "../")) != NULL)
+    {
+        /*
+         * Remove only if at the beginning of the pathname ("../path/name")
+         * or when preceded by a slash ("path/../name"),
+         * otherwise not ("path../name..")!
+         */
+        if (dotdotslash == path || dotdotslash[-1] == '/')
+        {
+            char *src, *dst;
+            if (!warned)
+            {
+                /* Note: the first time through the pathname is still intact */
+                fprintf(stderr, "Removing \"../\" path component(s) in %s\n", path);
+                warned = 1;
+            }
+            /* We cannot use strcpy(), as there "The strings may not overlap" */
+            for (src = dotdotslash+3, dst=dotdotslash; (*dst = *src) != '\0'; src++, dst++)
+                ;
+        }
+        else
+            dotdotslash +=3;	/* skip this instance to prevent infinite loop */
+    }
+}
+
+ static void zzip_mem_entry_make(ZZIP_MEM_DISK* disk, 
+ 				ZZIP_MEM_ENTRY* entry)
+ {
+-    FILE* file = fopen (entry->zz_name, "wb");
+    char name_stripped[PATH_MAX];
+    FILE* file;
+
+    strncpy(name_stripped, entry->zz_name, PATH_MAX);
+    remove_dotdotslash(name_stripped);
+    
+    file = fopen (name_stripped, "wb");
+     if (file) { zzip_mem_entry_pipe (disk, entry, file); fclose (file); }
+     perror (entry->zz_name);
+     if (status < EXIT_WARNINGS) status = EXIT_WARNINGS;
--- a/zziplib.spec
+++ b/zziplib.spec
@ -1,7 +1,7 @@
 Summary: Lightweight library to easily extract data from zip files
 Name: zziplib
 Version: 0.13.69
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: LGPLv2+ or MPLv1.1
 Group: Applications/Archiving
 URL: http://zziplib.sourceforge.net/
@ -121,13 +121,17 @@ make install DESTDIR=%{buildroot}
 %{_mandir}/man3/*

 %changelog
+* Thu Jan 24 2019 Jakub Martisko <jamartis@redhat.com> - 0.13.69-4
+- Add the missing CVE-2018-17828.part2.patch file
+- Fix Formating of the previous 2 changelog entries
+
 * Thu Jan 24 2019 Jakub Martisko <jamartis@redhat.com> - 0.13.69-3
-Related: #1626202
-Resolves: CVE-2018-16548
+- Related: #1626202
+- Resolves: CVE-2018-16548

 * Thu Jan 24 2019 Jakub Martisko <jamartis@redhat.com> - 0.13.69-2
-Related: 1635890
-Resolves: CVE-2018-17828
+- Related: 1635890
+- Resolves: CVE-2018-17828

 * Mon Jul 23 2018 Alexander Bokovoy <abokovoy@redhat.com> - 0.13.69-1
 - Update to 0.13.69 release