Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
zziplib
CVE-2018-16548.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2018-16548.patch of Package zziplib
Index: zziplib-0.13.67/zzip/zip.c =================================================================== --- zziplib-0.13.67.orig/zzip/zip.c +++ zziplib-0.13.67/zzip/zip.c @@ -470,9 +470,15 @@ __zzip_parse_root_directory(int fd, else { if (io->fd.seeks(fd, zz_rootseek + zz_offset, SEEK_SET) < 0) + { + free(hdr0); return ZZIP_DIR_SEEK; + } if (io->fd.read(fd, &dirent, sizeof(dirent)) < __sizeof(dirent)) + { + free(hdr0); return ZZIP_DIR_READ; + } d = &dirent; } @@ -572,11 +578,21 @@ __zzip_parse_root_directory(int fd, if (hdr_return) *hdr_return = hdr0; + else + { + /* If it is not assigned to *hdr_return, it will never be free()'d */ + free(hdr0); + } } /* else zero (sane) entries */ + else + { + /* If it is not assigned to *hdr_return, it will never be free()'d */ + free(hdr0); + } # ifndef ZZIP_ALLOW_MODULO_ENTRIES - return (entries != zz_entries ? ZZIP_CORRUPTED : 0); + return (entries != zz_entries) ? ZZIP_CORRUPTED : 0; # else - return ((entries & (unsigned)0xFFFF) != zz_entries ? ZZIP_CORRUPTED : 0); + return ((entries & (unsigned)0xFFFF) != zz_entries) ? ZZIP_CORRUPTED : 0; # endif }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor