summary refs log tree commit diff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
authorMarius Bakke <mbakke@fastmail.com>2020-03-04 12:04:42 +0100
committerMarius Bakke <mbakke@fastmail.com>2020-03-04 12:04:42 +0100
commite32aea5472007507e62933b27a4db9a50810e5dc (patch)
tree55ccbe4ed5baf1fd2689b16d7108da8f7be857a9 /gnu/packages/patches
parentfb98351621a6b311d4ff9593d6c22d40a3b3fe8f (diff)
parentd46f9f833b190aac04f7f4683b84a06a291a3f8f (diff)
downloadguix-e32aea5472007507e62933b27a4db9a50810e5dc.tar.gz
Merge branch 'master' into staging
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/zziplib-CVE-2018-16548.patch49
1 files changed, 49 insertions, 0 deletions
diff --git a/gnu/packages/patches/zziplib-CVE-2018-16548.patch b/gnu/packages/patches/zziplib-CVE-2018-16548.patch
new file mode 100644
index 0000000000..a17c6a9768
--- /dev/null
+++ b/gnu/packages/patches/zziplib-CVE-2018-16548.patch
@@ -0,0 +1,49 @@
+The following 3 patches applied to 0.13.69 in this order, combined:
+https://github.com/gdraheim/zziplib/commit/9411bde3e4a70a81ff3ffd256b71927b2d90dcbb.patch
+https://github.com/gdraheim/zziplib/commit/d2e5d5c53212e54a97ad64b793a4389193fec687.patch
+https://github.com/gdraheim/zziplib/commit/0e1dadb05c1473b9df2d7b8f298dab801778ef99.patch
+
+diff --git a/test/test.zip b/test/test.zip
+index 2c992ea..952d475 100644
+Binary files a/test/test.zip and b/test/test.zip differ
+diff --git a/zzip/zip.c b/zzip/zip.c
+index 14e2e06..f97a40a 100644
+--- a/zzip/zip.c
++++ b/zzip/zip.c
+@@ -472,9 +472,15 @@ __zzip_parse_root_directory(int fd,
+         } else
+         {
+             if (io->fd.seeks(fd, zz_rootseek + zz_offset, SEEK_SET) < 0)
++	    {
++	    	free(hdr0);
+                 return ZZIP_DIR_SEEK;
++	    }
+             if (io->fd.read(fd, &dirent, sizeof(dirent)) < __sizeof(dirent))
++	    {
++	    	free(hdr0);
+                 return ZZIP_DIR_READ;
++	    }
+             d = &dirent;
+         }
+ 
+@@ -574,11 +580,18 @@ __zzip_parse_root_directory(int fd,
+ 
+         if (hdr_return)
+             *hdr_return = hdr0;
++	else
++	{
++	    /* If it is not assigned to *hdr_return, it will never be free()'d */
++	    free(hdr0);
++	}
+     }                           /* else zero (sane) entries */
++    else
++        free(hdr0);
+ #  ifndef ZZIP_ALLOW_MODULO_ENTRIES
+-    return (entries != zz_entries ? ZZIP_CORRUPTED : 0);
++    return (entries != zz_entries) ? ZZIP_CORRUPTED : 0;
+ #  else
+-    return ((entries & (unsigned)0xFFFF) != zz_entries ? ZZIP_CORRUPTED : 0);
++    return ((entries & (unsigned)0xFFFF) != zz_entries) ? ZZIP_CORRUPTED : 0;
+ #  endif
+ }
+