Fix: CVE-2020-18770
Resolves: RHEL-14967
This commit is contained in:
parent
51d6d67f46
commit
db9808753d
30
CVE-2020-18770.patch
Normal file
30
CVE-2020-18770.patch
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
From 18c6c043bd7d8f139f30e9c7749013115d5fc5b7 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Valentin Lefebvre <valentin.lefebvre@suse.com>
|
||||||
|
Date: Wed, 20 Sep 2023 12:04:56 +0200
|
||||||
|
Subject: [PATCH] mmappend.c: Avoid invalid access for header entry
|
||||||
|
|
||||||
|
* zzip_disk_entry_to_file_header checking the pointer by substraction
|
||||||
|
instead of addition where it could lead to an invalid access memory.
|
||||||
|
* CVE-2020-18770
|
||||||
|
|
||||||
|
Signed-off-by: Valentin Lefebvre <valentin.lefebvre@suse.com>
|
||||||
|
---
|
||||||
|
zzip/mmapped.c | 5 +++--
|
||||||
|
1 file changed, 3 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/zzip/mmapped.c b/zzip/mmapped.c
|
||||||
|
index 2071882..beb094d 100644
|
||||||
|
--- a/zzip/mmapped.c
|
||||||
|
+++ b/zzip/mmapped.c
|
||||||
|
@@ -275,8 +275,9 @@ zzip_disk_entry_to_data(ZZIP_DISK * disk, struct zzip_disk_entry * entry)
|
||||||
|
struct zzip_file_header *
|
||||||
|
zzip_disk_entry_to_file_header(ZZIP_DISK * disk, struct zzip_disk_entry *entry)
|
||||||
|
{
|
||||||
|
- zzip_byte_t *const ptr = disk->buffer + zzip_disk_entry_fileoffset(entry);
|
||||||
|
- if (disk->buffer > ptr || ptr >= disk->endbuf)
|
||||||
|
+ zzip_off_t off = zzip_disk_entry_fileoffset(entry);
|
||||||
|
+ zzip_byte_t *const ptr = disk->buffer + off;
|
||||||
|
+ if (disk->buffer > ptr || disk->buffer >= disk->endbuf - off)
|
||||||
|
{
|
||||||
|
errno = EBADMSG;
|
||||||
|
return 0;
|
@ -1,7 +1,7 @@
|
|||||||
Summary: Lightweight library to easily extract data from zip files
|
Summary: Lightweight library to easily extract data from zip files
|
||||||
Name: zziplib
|
Name: zziplib
|
||||||
Version: 0.13.71
|
Version: 0.13.71
|
||||||
Release: 9%{?dist}
|
Release: 10%{?dist}
|
||||||
License: LGPLv2+ or MPLv1.1
|
License: LGPLv2+ or MPLv1.1
|
||||||
URL: http://zziplib.sourceforge.net/
|
URL: http://zziplib.sourceforge.net/
|
||||||
#Source: https://github.com/gdraheim/zziplib/archive/v%{version}.tar.gz
|
#Source: https://github.com/gdraheim/zziplib/archive/v%{version}.tar.gz
|
||||||
@ -15,6 +15,7 @@ Source1: match.py
|
|||||||
Source2: options.py
|
Source2: options.py
|
||||||
|
|
||||||
Patch1: CVE-2020-18442.patch
|
Patch1: CVE-2020-18442.patch
|
||||||
|
Patch2: CVE-2020-18770.patch
|
||||||
Patch100: multilib-32.patch
|
Patch100: multilib-32.patch
|
||||||
Patch101: multilib-64.patch
|
Patch101: multilib-64.patch
|
||||||
|
|
||||||
@ -74,6 +75,7 @@ cp %{SOURCE1} docs/zzipdoc/
|
|||||||
cp %{SOURCE2} docs/zzipdoc/
|
cp %{SOURCE2} docs/zzipdoc/
|
||||||
|
|
||||||
%patch1 -p1
|
%patch1 -p1
|
||||||
|
%patch2 -p1
|
||||||
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
@ -122,6 +124,10 @@ popd
|
|||||||
%{_mandir}/man3/*
|
%{_mandir}/man3/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Jan 24 2024 Jakub Martisko <jamartis@redhat.com> - 0.13.71-10
|
||||||
|
- Fix CVE-2020-18770
|
||||||
|
Resolves: RHEL-14967
|
||||||
|
|
||||||
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 0.13.71-9
|
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 0.13.71-9
|
||||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||||
Related: rhbz#1991688
|
Related: rhbz#1991688
|
||||||
|
Loading…
Reference in New Issue
Block a user