diff options
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r-- | gnu/packages/patches/unzip-32bit-zipbomb-fix.patch | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/gnu/packages/patches/unzip-32bit-zipbomb-fix.patch b/gnu/packages/patches/unzip-32bit-zipbomb-fix.patch new file mode 100644 index 0000000000..ad6a157c56 --- /dev/null +++ b/gnu/packages/patches/unzip-32bit-zipbomb-fix.patch @@ -0,0 +1,50 @@ +From 13f0260beae851f7d5dd96e9ef757d8d6d7daac1 Mon Sep 17 00:00:00 2001 +From: Mark Adler <madler@alumni.caltech.edu> +Date: Sun, 9 Feb 2020 07:20:13 -0800 +Subject: [PATCH] Fix false overlapped components detection on 32-bit systems. + +32-bit systems with ZIP64_SUPPORT enabled could have different +size types for zoff_t and zusz_t. That resulted in bad parameter +passing to the bound tracking functions, itself due to the lack of +use of C function prototypes in unzip. This commit assures that +parameters are cast properly for those calls. + +This problem occurred only for ill-chosen make options, which give +a 32-bit zoff_t. A proper build will result in a zoff_t of 64 bits, +even on 32-bit systems. +--- + extract.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/extract.c b/extract.c +index 1b73cb0..d9866f9 100644 +--- a/extract.c ++++ b/extract.c +@@ -329,7 +329,7 @@ static ZCONST char Far OverlappedComponents[] = + + + /* A growable list of spans. */ +-typedef zoff_t bound_t; ++typedef zusz_t bound_t; + typedef struct { + bound_t beg; /* start of the span */ + bound_t end; /* one past the end of the span */ +@@ -518,7 +518,8 @@ int extract_or_test_files(__G) /* return PK-type error code */ + return PK_MEM; + } + if ((G.extra_bytes != 0 && +- cover_add((cover_t *)G.cover, 0, G.extra_bytes) != 0) || ++ cover_add((cover_t *)G.cover, ++ (bound_t)0, (bound_t)G.extra_bytes) != 0) || + (G.ecrec.have_ecr64 && + cover_add((cover_t *)G.cover, G.ecrec.ec64_start, + G.ecrec.ec64_end) != 0) || +@@ -1216,7 +1217,7 @@ static int extract_or_test_entrylist(__G__ numchunk, + + /* seek_zipf(__G__ pInfo->offset); */ + request = G.pInfo->offset + G.extra_bytes; +- if (cover_within((cover_t *)G.cover, request)) { ++ if (cover_within((cover_t *)G.cover, (bound_t)request)) { + Info(slide, 0x401, ((char *)slide, + LoadFarString(OverlappedComponents))); + return PK_BOMB; |