summary refs log tree commit diff
path: root/gnu/packages/patches/zziplib-CVE-2017-5975.patch
blob: fad174b056a44aeb25cd57bd0624312d5234574d (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
Fix CVE-2017-5975:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5975

Patch copied from Debian.

Index: zziplib-0.13.62/zzip/memdisk.c
===================================================================
--- zziplib-0.13.62.orig/zzip/memdisk.c
+++ zziplib-0.13.62/zzip/memdisk.c
@@ -173,6 +173,8 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI
         return 0;               /* errno=ENOMEM; */
     ___ struct zzip_file_header *header =
         zzip_disk_entry_to_file_header(disk, entry);
+    if (!header)
+	{ free(item); return 0; }
     /*  there is a number of duplicated information in the file header
      *  or the disk entry block. Theoretically some part may be missing
      *  that exists in the other, ... but we will prefer the disk entry.
Index: zziplib-0.13.62/zzip/mmapped.c
===================================================================
--- zziplib-0.13.62.orig/zzip/mmapped.c
+++ zziplib-0.13.62/zzip/mmapped.c
@@ -289,6 +289,8 @@ zzip_disk_entry_to_file_header(ZZIP_DISK
         (disk->buffer + zzip_disk_entry_fileoffset(entry));
     if (disk->buffer > file_header || file_header >= disk->endbuf)
         return 0;
+    if (ZZIP_GET32(file_header) != ZZIP_FILE_HEADER_MAGIC)
+        return 0;
     return (struct zzip_file_header *) file_header;
 }