Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:Alexander_Naumov:SLE-12:Update
zziplib
CVE-2018-6542.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2018-6542.patch of Package zziplib
Index: zziplib-0.13.67/zzip/mmapped.c =================================================================== --- zziplib-0.13.67.orig/zzip/mmapped.c +++ zziplib-0.13.67/zzip/mmapped.c @@ -413,16 +413,19 @@ zzip_disk_findfirst(ZZIP_DISK * disk) for (; p >= disk->buffer; p--) { zzip_byte_t *root; /* (struct zzip_disk_entry*) */ + zzip_size_t rootsize; /* Size of root central directory */ + if (zzip_disk_trailer_check_magic(p)) { struct zzip_disk_trailer *trailer = (struct zzip_disk_trailer *) p; zzip_size_t rootseek = zzip_disk_trailer_get_rootseek(trailer); + rootsize = zzip_disk_trailer_get_rootsize(trailer); + root = disk->buffer + rootseek; DBG2("disk rootseek at %lli", (long long)rootseek); if (root > p) { /* the first disk_entry is after the disk_trailer? can't be! */ - zzip_size_t rootsize = zzip_disk_trailer_get_rootsize(trailer); DBG2("have rootsize at %lli", (long long)rootsize); if (disk->buffer + rootsize > p) continue; @@ -441,6 +444,7 @@ zzip_disk_findfirst(ZZIP_DISK * disk) return 0; } zzip_size_t rootseek = zzip_disk64_trailer_get_rootseek(trailer); + rootsize = zzip_disk64_trailer_get_rootsize(trailer); DBG2("disk64 rootseek at %lli", (long long)rootseek); root = disk->buffer + rootseek; if (root > p) @@ -457,7 +461,7 @@ zzip_disk_findfirst(ZZIP_DISK * disk) errno = EBADMSG; return 0; } - if (root >= disk->endbuf) + if (root >= disk->endbuf || (root + rootsize) >= disk->endbuf) { DBG1("root behind endbuf should be impossible"); errno = EBADMSG; Index: zziplib-0.13.67/zzip/memdisk.c =================================================================== --- zziplib-0.13.67.orig/zzip/memdisk.c +++ zziplib-0.13.67/zzip/memdisk.c @@ -143,6 +143,7 @@ zzip_mem_disk_load(ZZIP_MEM_DISK * dir, zzip_mem_disk_unload(dir); ___ long count = 0; ___ struct zzip_disk_entry *entry = zzip_disk_findfirst(disk); + if (!entry) goto error; for (; entry; entry = zzip_disk_findnext(disk, entry)) { ZZIP_MEM_ENTRY *item = zzip_mem_entry_new(disk, entry);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor