summary refs log tree commit diff
path: root/gnu/packages/patches/icecat-CVE-2015-7194.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/icecat-CVE-2015-7194.patch')
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-7194.patch32
1 files changed, 32 insertions, 0 deletions
diff --git a/gnu/packages/patches/icecat-CVE-2015-7194.patch b/gnu/packages/patches/icecat-CVE-2015-7194.patch
new file mode 100644
index 0000000000..481da06a7f
--- /dev/null
+++ b/gnu/packages/patches/icecat-CVE-2015-7194.patch
@@ -0,0 +1,32 @@
+From 382a08fa0b21d46c44c46af39041324f304a9dfa Mon Sep 17 00:00:00 2001
+From: Aaron Klotz <aklotz@mozilla.com>
+Date: Tue, 13 Oct 2015 12:20:25 -0600
+Subject: [PATCH] Bug 1211262: Ensure that STORED entries in ZIP are considered
+ corrupt if compressed and uncompressed sizes differ; r=mwu, a=ritu
+
+--HG--
+extra : source : 673d9f45b802f1fd1ffaaeae19d433622fe68a5e
+extra : intermediate-source : db9d3e806685d72a2891830ffbc42ef3cde559ae
+---
+ modules/libjar/nsZipArchive.cpp | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/modules/libjar/nsZipArchive.cpp b/modules/libjar/nsZipArchive.cpp
+index bb1e21b..eaf22ac 100644
+--- a/modules/libjar/nsZipArchive.cpp
++++ b/modules/libjar/nsZipArchive.cpp
+@@ -828,8 +828,10 @@ MOZ_WIN_MEM_TRY_BEGIN
+   // -- check if there is enough source data in the file
+   if (!offset ||
+       mFd->mLen < aItem->Size() ||
+-      offset > mFd->mLen - aItem->Size())
++      offset > mFd->mLen - aItem->Size() ||
++      (aItem->Compression() == STORED && aItem->Size() != aItem->RealSize())) {
+     return nullptr;
++  }
+ 
+   return mFd->mFileData + offset;
+ MOZ_WIN_MEM_TRY_CATCH(return nullptr)
+-- 
+2.5.0
+
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-11-11 17:09:10 +0000