Add: the patch which should have been part of the 0.13.69-2 commit
This commit is contained in:
parent
ff7beb94fb
commit
779eaf6adc
55
CVE-2018-17828.part2.patch
Normal file
55
CVE-2018-17828.part2.patch
Normal file
@ -0,0 +1,55 @@
|
|||||||
|
diff --git a/bins/unzip-mem.c b/bins/unzip-mem.c
|
||||||
|
index c45cb72..ff564a5 100644
|
||||||
|
--- a/bins/unzip-mem.c
|
||||||
|
+++ b/bins/unzip-mem.c
|
||||||
|
@@ -88,10 +88,49 @@ static void zzip_mem_entry_pipe(ZZIP_MEM_DISK* disk,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
+static inline void
|
||||||
|
+remove_dotdotslash(char *path)
|
||||||
|
+{
|
||||||
|
+ /* Note: removing "../" from the path ALWAYS shortens the path, never adds to it! */
|
||||||
|
+ char *dotdotslash;
|
||||||
|
+ int warned = 0;
|
||||||
|
+
|
||||||
|
+ dotdotslash = path;
|
||||||
|
+ while ((dotdotslash = strstr(dotdotslash, "../")) != NULL)
|
||||||
|
+ {
|
||||||
|
+ /*
|
||||||
|
+ * Remove only if at the beginning of the pathname ("../path/name")
|
||||||
|
+ * or when preceded by a slash ("path/../name"),
|
||||||
|
+ * otherwise not ("path../name..")!
|
||||||
|
+ */
|
||||||
|
+ if (dotdotslash == path || dotdotslash[-1] == '/')
|
||||||
|
+ {
|
||||||
|
+ char *src, *dst;
|
||||||
|
+ if (!warned)
|
||||||
|
+ {
|
||||||
|
+ /* Note: the first time through the pathname is still intact */
|
||||||
|
+ fprintf(stderr, "Removing \"../\" path component(s) in %s\n", path);
|
||||||
|
+ warned = 1;
|
||||||
|
+ }
|
||||||
|
+ /* We cannot use strcpy(), as there "The strings may not overlap" */
|
||||||
|
+ for (src = dotdotslash+3, dst=dotdotslash; (*dst = *src) != '\0'; src++, dst++)
|
||||||
|
+ ;
|
||||||
|
+ }
|
||||||
|
+ else
|
||||||
|
+ dotdotslash +=3; /* skip this instance to prevent infinite loop */
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
static void zzip_mem_entry_make(ZZIP_MEM_DISK* disk,
|
||||||
|
ZZIP_MEM_ENTRY* entry)
|
||||||
|
{
|
||||||
|
- FILE* file = fopen (entry->zz_name, "wb");
|
||||||
|
+ char name_stripped[PATH_MAX];
|
||||||
|
+ FILE* file;
|
||||||
|
+
|
||||||
|
+ strncpy(name_stripped, entry->zz_name, PATH_MAX);
|
||||||
|
+ remove_dotdotslash(name_stripped);
|
||||||
|
+
|
||||||
|
+ file = fopen (name_stripped, "wb");
|
||||||
|
if (file) { zzip_mem_entry_pipe (disk, entry, file); fclose (file); }
|
||||||
|
perror (entry->zz_name);
|
||||||
|
if (status < EXIT_WARNINGS) status = EXIT_WARNINGS;
|
14
zziplib.spec
14
zziplib.spec
@ -1,7 +1,7 @@
|
|||||||
Summary: Lightweight library to easily extract data from zip files
|
Summary: Lightweight library to easily extract data from zip files
|
||||||
Name: zziplib
|
Name: zziplib
|
||||||
Version: 0.13.69
|
Version: 0.13.69
|
||||||
Release: 3%{?dist}
|
Release: 4%{?dist}
|
||||||
License: LGPLv2+ or MPLv1.1
|
License: LGPLv2+ or MPLv1.1
|
||||||
Group: Applications/Archiving
|
Group: Applications/Archiving
|
||||||
URL: http://zziplib.sourceforge.net/
|
URL: http://zziplib.sourceforge.net/
|
||||||
@ -121,13 +121,17 @@ make install DESTDIR=%{buildroot}
|
|||||||
%{_mandir}/man3/*
|
%{_mandir}/man3/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Jan 24 2019 Jakub Martisko <jamartis@redhat.com> - 0.13.69-4
|
||||||
|
- Add the missing CVE-2018-17828.part2.patch file
|
||||||
|
- Fix Formating of the previous 2 changelog entries
|
||||||
|
|
||||||
* Thu Jan 24 2019 Jakub Martisko <jamartis@redhat.com> - 0.13.69-3
|
* Thu Jan 24 2019 Jakub Martisko <jamartis@redhat.com> - 0.13.69-3
|
||||||
Related: #1626202
|
- Related: #1626202
|
||||||
Resolves: CVE-2018-16548
|
- Resolves: CVE-2018-16548
|
||||||
|
|
||||||
* Thu Jan 24 2019 Jakub Martisko <jamartis@redhat.com> - 0.13.69-2
|
* Thu Jan 24 2019 Jakub Martisko <jamartis@redhat.com> - 0.13.69-2
|
||||||
Related: 1635890
|
- Related: 1635890
|
||||||
Resolves: CVE-2018-17828
|
- Resolves: CVE-2018-17828
|
||||||
|
|
||||||
* Mon Jul 23 2018 Alexander Bokovoy <abokovoy@redhat.com> - 0.13.69-1
|
* Mon Jul 23 2018 Alexander Bokovoy <abokovoy@redhat.com> - 0.13.69-1
|
||||||
- Update to 0.13.69 release
|
- Update to 0.13.69 release
|
||||||
|
Loading…
Reference in New Issue
Block a user