Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP5:GA
zlib.31141
CVE-2023-45853.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2023-45853.patch of Package zlib.31141
From 431e66398552effd82d5c0ea982a521821782ebd Mon Sep 17 00:00:00 2001 From: Hans Wennborg <hans@chromium.org> Date: Fri, 18 Aug 2023 11:05:33 +0200 Subject: [PATCH] minizip: Check length of comment, filename, and extra field, in zipOpenNewFileInZip4_64 These are stored in 16-bit fields in the zip file format. Passing longer values would generate an invalid file. Passing very long values could also cause the computation of zi->ci.size_centralheader to overflow, which would cause heap buffer overflow on subsequent writes to zi->ci.central_header. --- contrib/minizip/zip.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/contrib/minizip/zip.c b/contrib/minizip/zip.c index 3d3d4cadd..0446109b2 100644 --- a/contrib/minizip/zip.c +++ b/contrib/minizip/zip.c @@ -1043,6 +1043,17 @@ extern int ZEXPORT zipOpenNewFileInZip4_64(zipFile file, const char* filename, c return ZIP_PARAMERROR; #endif + // The filename and comment length must fit in 16 bits. + if ((filename!=NULL) && (strlen(filename)>0xffff)) + return ZIP_PARAMERROR; + if ((comment!=NULL) && (strlen(comment)>0xffff)) + return ZIP_PARAMERROR; + // The extra field length must fit in 16 bits. If the member also requires + // a Zip64 extra block, that will also need to fit within that 16-bit + // length, but that will be checked for later. + if ((size_extrafield_local>0xffff) || (size_extrafield_global>0xffff)) + return ZIP_PARAMERROR; + zi = (zip64_internal*)file; if (zi->in_opened_file_inzip == 1)
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor