summary refs log tree commit diff
path: root/gnu/packages/patches/unzip-CVE-2014-8139.patch
diff options
context:
space:
mode:
authorMark H Weaver <mhw@netris.org>2014-12-30 14:46:21 -0500
committerMark H Weaver <mhw@netris.org>2014-12-30 14:48:13 -0500
commite5da2f38c3ca8d4626c1b87e045d00d28c1bf4d0 (patch)
treee033809b82b840dc259b7d1a430cf32edb17b02a /gnu/packages/patches/unzip-CVE-2014-8139.patch
parentc7bdc7ece5650be75314dc302f3cdcf02806857b (diff)
downloadguix-e5da2f38c3ca8d4626c1b87e045d00d28c1bf4d0.tar.gz
gnu: unzip: Add fixes for CVE-2014-{8139,8140,8141}.
* gnu/packages/patches/unzip-CVE-2014-8139.patch,
  gnu/packages/patches/unzip-CVE-2014-8140.patch,
  gnu/packages/patches/unzip-CVE-2014-8141.patch: New files.
* gnu-system.am (dist_patch_DATA): Add them.
* gnu/packages/zip.scm (unzip): Add patches.
Diffstat (limited to 'gnu/packages/patches/unzip-CVE-2014-8139.patch')
-rw-r--r--gnu/packages/patches/unzip-CVE-2014-8139.patch49
1 files changed, 49 insertions, 0 deletions
diff --git a/gnu/packages/patches/unzip-CVE-2014-8139.patch b/gnu/packages/patches/unzip-CVE-2014-8139.patch
new file mode 100644
index 0000000000..433efd1aaf
--- /dev/null
+++ b/gnu/packages/patches/unzip-CVE-2014-8139.patch
@@ -0,0 +1,49 @@
+From: sms
+Subject: Fix CVE-2014-8139: CRC32 verification heap-based overflow
+Bug-Debian: http://bugs.debian.org/773722
+
+--- a/extract.c
++++ b/extract.c
+@@ -1,5 +1,5 @@
+ /*
+-  Copyright (c) 1990-2009 Info-ZIP.  All rights reserved.
++  Copyright (c) 1990-2014 Info-ZIP.  All rights reserved.
+ 
+   See the accompanying file LICENSE, version 2009-Jan-02 or later
+   (the contents of which are also included in unzip.h) for terms of use.
+@@ -298,6 +298,8 @@
+ #ifndef SFX
+    static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \
+      EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n";
++   static ZCONST char Far TooSmallEFlength[] = "bad extra-field entry:\n \
++     EF block length (%u bytes) invalid (< %d)\n";
+    static ZCONST char Far InvalidComprDataEAs[] =
+      " invalid compressed data for EAs\n";
+ #  if (defined(WIN32) && defined(NTSD_EAS))
+@@ -2023,7 +2025,8 @@
+         ebID = makeword(ef);
+         ebLen = (unsigned)makeword(ef+EB_LEN);
+ 
+-        if (ebLen > (ef_len - EB_HEADSIZE)) {
++        if (ebLen > (ef_len - EB_HEADSIZE))
++        {
+            /* Discovered some extra field inconsistency! */
+             if (uO.qflag)
+                 Info(slide, 1, ((char *)slide, "%-22s ",
+@@ -2032,6 +2035,16 @@
+               ebLen, (ef_len - EB_HEADSIZE)));
+             return PK_ERR;
+         }
++        else if (ebLen < EB_HEADSIZE)
++        {
++            /* Extra block length smaller than header length. */
++            if (uO.qflag)
++                Info(slide, 1, ((char *)slide, "%-22s ",
++                  FnFilter1(G.filename)));
++            Info(slide, 1, ((char *)slide, LoadFarString(TooSmallEFlength),
++              ebLen, EB_HEADSIZE));
++            return PK_ERR;
++        }
+ 
+         switch (ebID) {
+             case EF_OS2: