summary refs log tree commit diff
path: root/gnu/packages/patches/zziplib-CVE-2017-5978.patch
diff options
context:
space:
mode:
authorMark H Weaver <mhw@netris.org>2017-06-18 02:36:51 -0400
committerMark H Weaver <mhw@netris.org>2017-06-18 02:36:51 -0400
commit9d4385634d098cc0fb35bfe58179f7d855352e39 (patch)
tree653cfd7a6faecaf42129b1aa47703e7bd01bc471 /gnu/packages/patches/zziplib-CVE-2017-5978.patch
parenta6aff3528c32cc921bddd78b254678a1fc121f21 (diff)
parent96fd87c96bd6987a967575aaa931c5a7b1c84e21 (diff)
downloadguix-9d4385634d098cc0fb35bfe58179f7d855352e39.tar.gz
Merge branch 'master' into core-updates
Diffstat (limited to 'gnu/packages/patches/zziplib-CVE-2017-5978.patch')
-rw-r--r--gnu/packages/patches/zziplib-CVE-2017-5978.patch37
1 files changed, 37 insertions, 0 deletions
diff --git a/gnu/packages/patches/zziplib-CVE-2017-5978.patch b/gnu/packages/patches/zziplib-CVE-2017-5978.patch
new file mode 100644
index 0000000000..452b14f804
--- /dev/null
+++ b/gnu/packages/patches/zziplib-CVE-2017-5978.patch
@@ -0,0 +1,37 @@
+Fix CVE-2017-5978:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5978
+
+Patch copied from Debian.
+
+Index: zziplib-0.13.62/zzip/memdisk.c
+===================================================================
+--- zziplib-0.13.62.orig/zzip/memdisk.c
++++ zziplib-0.13.62/zzip/memdisk.c
+@@ -180,7 +180,7 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI
+      *  that exists in the other, ... but we will prefer the disk entry.
+      */
+     item->zz_comment = zzip_disk_entry_strdup_comment(disk, entry);
+-    item->zz_name = zzip_disk_entry_strdup_name(disk, entry);
++    item->zz_name = zzip_disk_entry_strdup_name(disk, entry) ?: strdup("");
+     item->zz_data = zzip_file_header_to_data(header);
+     item->zz_flags = zzip_disk_entry_get_flags(entry);
+     item->zz_compr = zzip_disk_entry_get_compr(entry);
+@@ -197,7 +197,7 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI
+         int /*            */ ext2 = zzip_file_header_get_extras(header);
+         char *_zzip_restrict ptr2 = zzip_file_header_to_extras(header);
+ 
+-        if (ext1)
++        if (ext1 && ((ptr1 + ext1) < disk->endbuf))
+         {
+             void *mem = malloc(ext1 + 2);
+             item->zz_ext[1] = mem;
+@@ -206,7 +206,7 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI
+             ((char *) (mem))[ext1 + 0] = 0;
+             ((char *) (mem))[ext1 + 1] = 0;
+         }
+-        if (ext2)
++        if (ext2 && ((ptr2 + ext2) < disk->endbuf))
+         {
+             void *mem = malloc(ext2 + 2);
+             item->zz_ext[2] = mem;