diff --git a/SOURCES/CVE-2020-18770.patch b/SOURCES/CVE-2020-18770.patch index e4c7880..9244a6f 100644 --- a/SOURCES/CVE-2020-18770.patch +++ b/SOURCES/CVE-2020-18770.patch @@ -1,30 +1,23 @@ -From 18c6c043bd7d8f139f30e9c7749013115d5fc5b7 Mon Sep 17 00:00:00 2001 -From: Valentin Lefebvre -Date: Wed, 20 Sep 2023 12:04:56 +0200 -Subject: [PATCH] mmappend.c: Avoid invalid access for header entry +From 803f49aaae16b7f2899e4769afdfc673a21fa9e8 Mon Sep 17 00:00:00 2001 +From: Guido Draheim +Date: Mon, 26 Feb 2024 23:17:12 +0100 +Subject: [PATCH] #69 assert full zzip_file_header -* zzip_disk_entry_to_file_header checking the pointer by substraction - instead of addition where it could lead to an invalid access memory. -* CVE-2020-18770 - -Signed-off-by: Valentin Lefebvre --- - zzip/mmapped.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) + zzip/mmapped.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/zzip/mmapped.c b/zzip/mmapped.c -index 2071882..beb094d 100644 +index 2071882..306ba51 100644 --- a/zzip/mmapped.c +++ b/zzip/mmapped.c -@@ -275,8 +275,9 @@ zzip_disk_entry_to_data(ZZIP_DISK * disk, struct zzip_disk_entry * entry) - struct zzip_file_header * +@@ -276,7 +276,8 @@ struct zzip_file_header * zzip_disk_entry_to_file_header(ZZIP_DISK * disk, struct zzip_disk_entry *entry) { -- zzip_byte_t *const ptr = disk->buffer + zzip_disk_entry_fileoffset(entry); + zzip_byte_t *const ptr = disk->buffer + zzip_disk_entry_fileoffset(entry); - if (disk->buffer > ptr || ptr >= disk->endbuf) -+ zzip_off_t off = zzip_disk_entry_fileoffset(entry); -+ zzip_byte_t *const ptr = disk->buffer + off; -+ if (disk->buffer > ptr || disk->buffer >= disk->endbuf - off) ++ zzip_byte_t *const end = ptr + sizeof(struct zzip_file_header); ++ if (disk->buffer > ptr || end >= disk->endbuf || end <= NULL) { errno = EBADMSG; return 0; diff --git a/SPECS/zziplib.spec b/SPECS/zziplib.spec index a9be6a4..ba18d9c 100644 --- a/SPECS/zziplib.spec +++ b/SPECS/zziplib.spec @@ -1,7 +1,7 @@ Summary: Lightweight library to easily extract data from zip files Name: zziplib Version: 0.13.71 -Release: 10%{?dist} +Release: 11%{?dist} License: LGPLv2+ or MPLv1.1 URL: http://zziplib.sourceforge.net/ #Source: https://github.com/gdraheim/zziplib/archive/v%{version}.tar.gz @@ -124,6 +124,11 @@ popd %{_mandir}/man3/* %changelog +* Wed Feb 28 2024 Jakub Martisko - 0.13.71-11 +- Fix CVE-2020-18770 + Previous patch was causing segfault + Resolves: RHEL-14967 + * Wed Jan 24 2024 Jakub Martisko - 0.13.71-10 - Fix CVE-2020-18770 Resolves: RHEL-14967