zziplib/CVE-2018-7726.part1.patch

32 lines
1.4 KiB
Diff

From 8f48323c181e20b7e527b8be7229d6eb1148ec5f Mon Sep 17 00:00:00 2001
From: Guido Draheim <guidod@gmx.de>
Date: Tue, 13 Mar 2018 00:23:33 +0100
Subject: [PATCH] check rootseek and rootsize to be positive #27
---
zzip/zip.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/zzip/zip.c b/zzip/zip.c
index a5db9d8..6be8d7c 100644
--- a/zzip/zip.c
+++ b/zzip/zip.c
@@ -318,6 +318,8 @@ __zzip_fetch_disk_trailer(int fd, zzip_off_t filesize,
trailer->zz_rootseek = zzip_disk_trailer_rootseek(orig);
trailer->zz_rootsize = zzip_disk_trailer_rootsize(orig);
# endif
+ if (trailer->zz_rootseek < 0 || trailer->zz_rootsize < 0)
+ return(ZZIP_CORRUPTED); // forged value
__fixup_rootseek(offset + tail - mapped, trailer);
/*
@@ -344,6 +346,8 @@ __zzip_fetch_disk_trailer(int fd, zzip_off_t filesize,
zzip_disk64_trailer_finalentries(orig);
trailer->zz_rootseek = zzip_disk64_trailer_rootseek(orig);
trailer->zz_rootsize = zzip_disk64_trailer_rootsize(orig);
+ if (trailer->zz_rootseek < 0 || trailer->zz_rootsize < 0)
+ return(ZZIP_CORRUPTED); // forged value
/*
* "extract data from files archived in a single zip file."
* So the file offsets must be within the current ZIP archive!