rpms/zziplib
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import zziplib-0.13.68-8.el8

Browse Source
This commit is contained in:
CentOS Sources 2020-04-28 04:49:20 -04:00 committed by Andrew Lukoshko
parent 8a0cf4bd17
commit c0a6678c14
2 changed files with 66 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
SOURCES/CVE-2018-17828-singlez.patch Normal file
View File

@ -0,0 +1,59 @@
diff --git a/bins/unzip-mem.c b/bins/unzip-mem.c
index c45cb72..ff564a5 100644
--- a/bins/unzip-mem.c
+++ b/bins/unzip-mem.c
@@ -88,10 +88,53 @@ static void zzip_mem_entry_pipe(ZZIP_MEM_DISK* disk,
}
}
+
+
+
+static inline void
+remove_dotdotslash(char *path)
+{
+ /* Note: removing "../" from the path ALWAYS shortens the path, never adds to it! */
+ char *dotdotslash;
+ int warned = 0;
+
+ dotdotslash = path;
+ while ((dotdotslash = strstr(dotdotslash, "../")) != NULL)
+ {
+ /*
+ * Remove only if at the beginning of the pathname ("../path/name")
+ * or when preceded by a slash ("path/../name"),
+ * otherwise not ("path../name..")!
+ */
+ if (dotdotslash == path || dotdotslash[-1] == '/')
+ {
+ char *src, *dst;
+ if (!warned)
+ {
+ /* Note: the first time through the pathname is still intact */
+ fprintf(stderr, "Removing \"../\" path component(s) in %s\n", path);
+ warned = 1;
+ }
+ /* We cannot use strcpy(), as there "The strings may not overlap" */
+ for (src = dotdotslash+3, dst=dotdotslash; (*dst = *src) != '\0'; src++, dst++)
+ ;
+ }
+ else
+ dotdotslash +=3; /* skip this instance to prevent infinite loop */
+ }
+}
+
static void zzip_mem_entry_make(ZZIP_MEM_DISK* disk,
ZZIP_MEM_ENTRY* entry)
{
- FILE* file = fopen (entry->zz_name, "w");
+ char name_stripped[PATH_MAX+1];
+ FILE* file;
+
+ strncpy(name_stripped, entry->zz_name, PATH_MAX);
+ name_stripped[PATH_MAX]='\0';
+ remove_dotdotslash(name_stripped);
+
+ file = fopen (name_stripped, "wb");
if (file) { zzip_mem_entry_pipe (disk, entry, file); fclose (file); }
perror (entry->zz_name);
if (status < EXIT_WARNINGS) status = EXIT_WARNINGS;

8
SPECS/zziplib.spec
View File

@ -1,7 +1,7 @@
Summary: Lightweight library to easily extract data from zip files Summary: Lightweight library to easily extract data from zip files
Name: zziplib Name: zziplib
Version: 0.13.68 Version: 0.13.68
Release: 7%{?dist} Release: 8%{?dist}
License: LGPLv2+ or MPLv1.1 License: LGPLv2+ or MPLv1.1
Group: Applications/Archiving Group: Applications/Archiving
URL: http://zziplib.sourceforge.net/ URL: http://zziplib.sourceforge.net/
@ -23,6 +23,7 @@ Patch8: CVE-2018-16548.part2.patch
Patch9: CVE-2018-16548.part3.patch Patch9: CVE-2018-16548.part3.patch
Patch10: CVE-2018-17828.patch Patch10: CVE-2018-17828.patch
Patch11: CVE-2018-17828-singlez.patch
BuildRequires: perl-interpreter BuildRequires: perl-interpreter
BuildRequires: python3-devel BuildRequires: python3-devel
@ -87,6 +88,7 @@ zziplib library.
%patch8 -p1 %patch8 -p1
%patch9 -p1 %patch9 -p1
%patch10 -p1 %patch10 -p1
%patch11 -p1
pathfix.py -i %{__python3} -pn docs pathfix.py -i %{__python3} -pn docs
@ -138,6 +140,10 @@ make install DESTDIR=%{buildroot}
%{_mandir}/man3/* %{_mandir}/man3/*
%changelog %changelog
* Tue Oct 16 2018 Jakub Martisko <jamartis@redhat.com> - 0.13.68-8
- Fix CVE-2018-17828 in the "single z" binaries
- Resolves: #1772447
* Tue Oct 16 2018 Jakub Martisko <jamartis@redhat.com> - 0.13.68-7 * Tue Oct 16 2018 Jakub Martisko <jamartis@redhat.com> - 0.13.68-7
- Fix CVE-2018-17828 - Fix CVE-2018-17828
- Resolves: #1635890 - Resolves: #1635890