From 9ec946bec37960e1950325b233bc265ce3678aad Mon Sep 17 00:00:00 2001
From: eabdullin <ed.abdullin.1@gmail.com>
Date: Tue, 30 Apr 2024 15:11:24 +0300
Subject: [PATCH] Import from CS git

---
 SOURCES/CVE-2020-18770.patch | 29 +++++++++++------------------
 SPECS/zziplib.spec           |  7 ++++++-
 2 files changed, 17 insertions(+), 19 deletions(-)

diff --git a/SOURCES/CVE-2020-18770.patch b/SOURCES/CVE-2020-18770.patch
index e4c7880..9244a6f 100644
--- a/SOURCES/CVE-2020-18770.patch
+++ b/SOURCES/CVE-2020-18770.patch
@@ -1,30 +1,23 @@
-From 18c6c043bd7d8f139f30e9c7749013115d5fc5b7 Mon Sep 17 00:00:00 2001
-From: Valentin Lefebvre <valentin.lefebvre@suse.com>
-Date: Wed, 20 Sep 2023 12:04:56 +0200
-Subject: [PATCH] mmappend.c: Avoid invalid access for header entry
+From 803f49aaae16b7f2899e4769afdfc673a21fa9e8 Mon Sep 17 00:00:00 2001
+From: Guido Draheim <guidod@gmx.de>
+Date: Mon, 26 Feb 2024 23:17:12 +0100
+Subject: [PATCH] #69 assert full zzip_file_header
 
-* zzip_disk_entry_to_file_header checking the pointer by substraction
-  instead of addition where it could lead to an invalid access memory.
-* CVE-2020-18770
-
-Signed-off-by: Valentin Lefebvre <valentin.lefebvre@suse.com>
 ---
- zzip/mmapped.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
+ zzip/mmapped.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/zzip/mmapped.c b/zzip/mmapped.c
-index 2071882..beb094d 100644
+index 2071882..306ba51 100644
 --- a/zzip/mmapped.c
 +++ b/zzip/mmapped.c
-@@ -275,8 +275,9 @@ zzip_disk_entry_to_data(ZZIP_DISK * disk, struct zzip_disk_entry * entry)
- struct zzip_file_header *
+@@ -276,7 +276,8 @@ struct zzip_file_header *
  zzip_disk_entry_to_file_header(ZZIP_DISK * disk, struct zzip_disk_entry *entry)
  {
--    zzip_byte_t *const ptr = disk->buffer + zzip_disk_entry_fileoffset(entry);
+     zzip_byte_t *const ptr = disk->buffer + zzip_disk_entry_fileoffset(entry);
 -    if (disk->buffer > ptr || ptr >= disk->endbuf)
-+    zzip_off_t off = zzip_disk_entry_fileoffset(entry);
-+    zzip_byte_t *const ptr = disk->buffer + off;
-+    if (disk->buffer > ptr || disk->buffer >= disk->endbuf - off)
++    zzip_byte_t *const end = ptr + sizeof(struct zzip_file_header);
++    if (disk->buffer > ptr || end >= disk->endbuf || end <= NULL)
      {
          errno = EBADMSG;
          return 0;
diff --git a/SPECS/zziplib.spec b/SPECS/zziplib.spec
index a9be6a4..ba18d9c 100644
--- a/SPECS/zziplib.spec
+++ b/SPECS/zziplib.spec
@@ -1,7 +1,7 @@
 Summary: Lightweight library to easily extract data from zip files
 Name: zziplib
 Version: 0.13.71
-Release: 10%{?dist}
+Release: 11%{?dist}
 License: LGPLv2+ or MPLv1.1
 URL: http://zziplib.sourceforge.net/
 #Source: https://github.com/gdraheim/zziplib/archive/v%{version}.tar.gz
@@ -124,6 +124,11 @@ popd
 %{_mandir}/man3/*
 
 %changelog
+* Wed Feb 28 2024 Jakub Martisko <jamartis@redhat.com> - 0.13.71-11
+- Fix CVE-2020-18770
+  Previous patch was causing segfault
+  Resolves: RHEL-14967
+
 * Wed Jan 24 2024 Jakub Martisko <jamartis@redhat.com> - 0.13.71-10
 - Fix CVE-2020-18770
   Resolves: RHEL-14967