diff options
Diffstat (limited to 'gnu/packages/patches/zziplib-CVE-2018-16548.patch')
| -rw-r--r-- | gnu/packages/patches/zziplib-CVE-2018-16548.patch | 49 |
1 files changed, 0 insertions, 49 deletions
diff --git a/gnu/packages/patches/zziplib-CVE-2018-16548.patch b/gnu/packages/patches/zziplib-CVE-2018-16548.patch deleted file mode 100644 index a17c6a9768..0000000000 --- a/gnu/packages/patches/zziplib-CVE-2018-16548.patch +++ /dev/null @@ -1,49 +0,0 @@ -The following 3 patches applied to 0.13.69 in this order, combined: -https://github.com/gdraheim/zziplib/commit/9411bde3e4a70a81ff3ffd256b71927b2d90dcbb.patch -https://github.com/gdraheim/zziplib/commit/d2e5d5c53212e54a97ad64b793a4389193fec687.patch -https://github.com/gdraheim/zziplib/commit/0e1dadb05c1473b9df2d7b8f298dab801778ef99.patch - -diff --git a/test/test.zip b/test/test.zip -index 2c992ea..952d475 100644 -Binary files a/test/test.zip and b/test/test.zip differ -diff --git a/zzip/zip.c b/zzip/zip.c -index 14e2e06..f97a40a 100644 ---- a/zzip/zip.c -+++ b/zzip/zip.c -@@ -472,9 +472,15 @@ __zzip_parse_root_directory(int fd, - } else - { - if (io->fd.seeks(fd, zz_rootseek + zz_offset, SEEK_SET) < 0) -+ { -+ free(hdr0); - return ZZIP_DIR_SEEK; -+ } - if (io->fd.read(fd, &dirent, sizeof(dirent)) < __sizeof(dirent)) -+ { -+ free(hdr0); - return ZZIP_DIR_READ; -+ } - d = &dirent; - } - -@@ -574,11 +580,18 @@ __zzip_parse_root_directory(int fd, - - if (hdr_return) - *hdr_return = hdr0; -+ else -+ { -+ /* If it is not assigned to *hdr_return, it will never be free()'d */ -+ free(hdr0); -+ } - } /* else zero (sane) entries */ -+ else -+ free(hdr0); - # ifndef ZZIP_ALLOW_MODULO_ENTRIES -- return (entries != zz_entries ? ZZIP_CORRUPTED : 0); -+ return (entries != zz_entries) ? ZZIP_CORRUPTED : 0; - # else -- return ((entries & (unsigned)0xFFFF) != zz_entries ? ZZIP_CORRUPTED : 0); -+ return ((entries & (unsigned)0xFFFF) != zz_entries) ? ZZIP_CORRUPTED : 0; - # endif - } - |