summary refs log tree commit diff
path: root/gnu/packages/patches/libgxps-CVE-2017-11590.patch
blob: 9caa79b6f0d5695f00440515f5b796ff29fc5225 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
Fix CVE-2017-11590:

https://bugzilla.gnome.org/show_bug.cgi?id=785479
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11590

Patch copied from upstream source repository:

https://git.gnome.org/browse/libgxps/commit/?id=9d5d292055250ed298f3b89dc332d6db4003a031

From 9d5d292055250ed298f3b89dc332d6db4003a031 Mon Sep 17 00:00:00 2001
From: Marek Kasik <mkasik@redhat.com>
Date: Wed, 26 Jul 2017 16:23:37 +0200
Subject: archive: Check for pathname being NULL before dereferencing

Check whether "archive_entry_pathname ()" returns a non-NULL pathname
before using it to avoid a NULL pointer being dereferenced.

https://bugzilla.gnome.org/show_bug.cgi?id=785479
---
 libgxps/gxps-archive.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/libgxps/gxps-archive.c b/libgxps/gxps-archive.c
index acf8d7d..e763773 100644
--- a/libgxps/gxps-archive.c
+++ b/libgxps/gxps-archive.c
@@ -257,6 +257,7 @@ gxps_archive_initable_init (GInitable     *initable,
 	GXPSArchive          *archive;
 	ZipArchive           *zip;
 	struct archive_entry *entry;
+	const gchar          *pathname;
 
 	archive = GXPS_ARCHIVE (initable);
 
@@ -281,7 +282,9 @@ gxps_archive_initable_init (GInitable     *initable,
 
         while (gxps_zip_archive_iter_next (zip, &entry)) {
                 /* FIXME: We can ignore directories here */
-                g_hash_table_add (archive->entries, g_strdup (archive_entry_pathname (entry)));
+                pathname = archive_entry_pathname (entry);
+                if (pathname != NULL)
+                        g_hash_table_add (archive->entries, g_strdup (pathname));
                 archive_read_data_skip (zip->archive);
         }
 
-- 
cgit v0.12