1 files changed, 37 insertions, 0 deletions

diff --git a/gnu/packages/patches/zziplib-CVE-2017-5978.patch b/gnu/packages/patches/zziplib-CVE-2017-5978.patch
new file mode 100644
index 0000000000..452b14f804
--- /dev/null
+++ b/gnu/packages/patches/zziplib-CVE-2017-5978.patch
@@ -0,0 +1,37 @@
+Fix CVE-2017-5978:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5978
+
+Patch copied from Debian.
+
+Index: zziplib-0.13.62/zzip/memdisk.c
+===================================================================
+--- zziplib-0.13.62.orig/zzip/memdisk.c
++++ zziplib-0.13.62/zzip/memdisk.c
+@@ -180,7 +180,7 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI
+      *  that exists in the other, ... but we will prefer the disk entry.
+      */
+     item->zz_comment = zzip_disk_entry_strdup_comment(disk, entry);
+-    item->zz_name = zzip_disk_entry_strdup_name(disk, entry);
++    item->zz_name = zzip_disk_entry_strdup_name(disk, entry) ?: strdup("");
+     item->zz_data = zzip_file_header_to_data(header);
+     item->zz_flags = zzip_disk_entry_get_flags(entry);
+     item->zz_compr = zzip_disk_entry_get_compr(entry);
+@@ -197,7 +197,7 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI
+         int /*            */ ext2 = zzip_file_header_get_extras(header);
+         char *_zzip_restrict ptr2 = zzip_file_header_to_extras(header);
+ 
+-        if (ext1)
++        if (ext1 && ((ptr1 + ext1) < disk->endbuf))
+         {
+             void *mem = malloc(ext1 + 2);
+             item->zz_ext[1] = mem;
+@@ -206,7 +206,7 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI
+             ((char *) (mem))[ext1 + 0] = 0;
+             ((char *) (mem))[ext1 + 1] = 0;
+         }
+-        if (ext2)
++        if (ext2 && ((ptr2 + ext2) < disk->endbuf))
+         {
+             void *mem = malloc(ext2 + 2);
+             item->zz_ext[2] = mem;