summary refs log tree commit diff
path: root/gnu/packages/patches/zziplib-CVE-2017-5974.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/zziplib-CVE-2017-5974.patch')
-rw-r--r--gnu/packages/patches/zziplib-CVE-2017-5974.patch28
1 files changed, 28 insertions, 0 deletions
diff --git a/gnu/packages/patches/zziplib-CVE-2017-5974.patch b/gnu/packages/patches/zziplib-CVE-2017-5974.patch
new file mode 100644
index 0000000000..9ae02103e7
--- /dev/null
+++ b/gnu/packages/patches/zziplib-CVE-2017-5974.patch
@@ -0,0 +1,28 @@
+Fix CVE-2017-5974:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5974
+
+Patch copied from Debian.
+
+Index: zziplib-0.13.62/zzip/memdisk.c
+===================================================================
+--- zziplib-0.13.62.orig/zzip/memdisk.c
++++ zziplib-0.13.62/zzip/memdisk.c
+@@ -216,12 +216,12 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI
+         /* override sizes/offsets with zip64 values for largefile support */
+         zzip_extra_zip64 *block = (zzip_extra_zip64 *)
+             zzip_mem_entry_extra_block(item, ZZIP_EXTRA_zip64);
+-        if (block)
++        if (block && ZZIP_GET16(block->z_datasize) >= (8 + 8 + 8 + 4))
+         {
+-            item->zz_usize = __zzip_get64(block->z_usize);
+-            item->zz_csize = __zzip_get64(block->z_csize);
+-            item->zz_offset = __zzip_get64(block->z_offset);
+-            item->zz_diskstart = __zzip_get32(block->z_diskstart);
++            item->zz_usize = ZZIP_GET64(block->z_usize);
++            item->zz_csize = ZZIP_GET64(block->z_csize);
++            item->zz_offset = ZZIP_GET64(block->z_offset);
++            item->zz_diskstart = ZZIP_GET32(block->z_diskstart);
+         }
+     }
+     /* NOTE:
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-12-19 15:33:37 +0000