Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
zziplib
CVE-2018-7726.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2018-7726.patch of Package zziplib
Index: zziplib-0.13.67/docs/zziplib.html =================================================================== --- zziplib-0.13.67.orig/docs/zziplib.html +++ zziplib-0.13.67/docs/zziplib.html @@ -415,7 +415,8 @@ generated 2003-12-12 <code>(<nobr>int fd</nobr>, <nobr>struct zzip_disk_trailer * trailer</nobr>, <nobr>struct zzip_dir_hdr ** hdr_return</nobr>, -<nobr>zzip_plugin_io_t io</nobr>)</code> +<nobr>zzip_plugin_io_t io</nobr>, +<nobr>zzip_off_t filesize</nobr>)</code> </td></tr><tr valign="top"> <td valign="top"><code>ZZIP_DIR* @@ -1091,7 +1092,8 @@ generated 2003-12-12 <code>(<nobr>int fd</nobr>, <nobr>struct zzip_disk_trailer * trailer</nobr>, <nobr>struct zzip_dir_hdr ** hdr_return</nobr>, -<nobr>zzip_plugin_io_t io</nobr>)</code> +<nobr>zzip_plugin_io_t io</nobr>, +<nobr>zzip_off_t filesize</nobr>)</code> </code></code><dt> <dd><p> (../zzip/zip.c) Index: zziplib-0.13.67/zzip/zip.c =================================================================== --- zziplib-0.13.67.orig/zzip/zip.c +++ zziplib-0.13.67/zzip/zip.c @@ -83,7 +83,8 @@ int __zzip_fetch_disk_trailer(int fd, zz int __zzip_parse_root_directory(int fd, struct _disk_trailer *trailer, struct zzip_dir_hdr **hdr_return, - zzip_plugin_io_t io); + zzip_plugin_io_t io, + zzip_off_t filesize); _zzip_inline static char *__zzip_aligned4(char *p); @@ -403,7 +404,8 @@ int __zzip_parse_root_directory(int fd, struct _disk_trailer *trailer, struct zzip_dir_hdr **hdr_return, - zzip_plugin_io_t io) + zzip_plugin_io_t io, + zzip_off_t filesize) { auto struct zzip_disk_entry dirent; struct zzip_dir_hdr *hdr; @@ -418,6 +420,9 @@ __zzip_parse_root_directory(int fd, zzip_off64_t zz_rootseek = _disk_trailer_rootseek(trailer); __correct_rootseek(zz_rootseek, zz_rootsize, trailer); + if (zz_rootsize <= 0 || zz_rootseek < 0 || zz_rootseek >= filesize) + return ZZIP_CORRUPTED; + hdr0 = (struct zzip_dir_hdr *) malloc(zz_rootsize); if (! hdr0) return ZZIP_DIRSIZE; @@ -748,7 +753,7 @@ __zzip_dir_parse(ZZIP_DIR * dir) (long) _disk_trailer_rootseek(&trailer)); if ((rv = __zzip_parse_root_directory(dir->fd, &trailer, &dir->hdr0, - dir->io)) != 0) + dir->io, filesize)) != 0) { goto error; } error: return rv;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor