rpms
/
zziplib
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix: CVE-2020-18770 

Resolves: RHEL-14966
This commit is contained in:
Jakub Martisko 2024-01-26 12:42:00 +01:00
parent f3524c0644
commit c5d0017ab8
2 changed files with 37 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
CVE-2020-18770.patch Normal file
View File

@ -0,0 +1,30 @@
From 18c6c043bd7d8f139f30e9c7749013115d5fc5b7 Mon Sep 17 00:00:00 2001
From: Valentin Lefebvre <valentin.lefebvre@suse.com>
Date: Wed, 20 Sep 2023 12:04:56 +0200
Subject: [PATCH] mmappend.c: Avoid invalid access for header entry
* zzip_disk_entry_to_file_header checking the pointer by substraction
instead of addition where it could lead to an invalid access memory.
* CVE-2020-18770
Signed-off-by: Valentin Lefebvre <valentin.lefebvre@suse.com>
---
zzip/mmapped.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/zzip/mmapped.c b/zzip/mmapped.c
index 2071882..beb094d 100644
--- a/zzip/mmapped.c
+++ b/zzip/mmapped.c
@@ -275,8 +275,9 @@ zzip_disk_entry_to_data(ZZIP_DISK * disk, struct zzip_disk_entry * entry)
struct zzip_file_header *
zzip_disk_entry_to_file_header(ZZIP_DISK * disk, struct zzip_disk_entry *entry)
{
- zzip_byte_t *const ptr = disk->buffer + zzip_disk_entry_fileoffset(entry);
- if (disk->buffer > ptr || ptr >= disk->endbuf)
+ zzip_off_t off = zzip_disk_entry_fileoffset(entry);
+ zzip_byte_t *const ptr = disk->buffer + off;
+ if (disk->buffer > ptr || disk->buffer >= disk->endbuf - off)
{
errno = EBADMSG;
return 0;

8
zziplib.spec
View File

@ -1,7 +1,7 @@
Summary: Lightweight library to easily extract data from zip files
Name: zziplib
Version: 0.13.68
Release: 9%{?dist}
Release: 10%{?dist}
License: LGPLv2+ or MPLv1.1
Group: Applications/Archiving
URL: http://zziplib.sourceforge.net/
@ -26,6 +26,7 @@ Patch10: CVE-2018-17828.patch
Patch11: CVE-2018-17828-singlez.patch
Patch12: CVE-2020-18442.patch
Patch13: CVE-2020-18770.patch
BuildRequires: perl-interpreter
BuildRequires: python3-devel
@ -92,6 +93,7 @@ zziplib library.
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
pathfix.py -i %{__python3} -pn docs
@ -143,6 +145,10 @@ make install DESTDIR=%{buildroot}
%{_mandir}/man3/*
%changelog
* Wed Jan 24 2024 Jakub Martisko <jamartis@redhat.com> - 0.13.68-10
- Fix CVE-2020-18770
Resolves: RHEL-14966
* Mon Aug 02 2021 Jakub Martisko <jamartis@redhat.com> - 0.13.68-9
- Fix CVE-2020-18442
- Resolves: CVE-2020-18442