File zoo-2.10-security-infinite_loop.patch of Package zoo

Overview Repositories Revisions Requests Users Attributes Meta

File zoo-2.10-security-infinite_loop.patch of Package zoo

Index: zooext.c
===================================================================
--- zooext.c.orig	1991-07-11 21:08:00.000000000 +0200
+++ zooext.c	2009-11-24 19:46:09.928625000 +0100
@@ -89,6 +89,7 @@ int alloc_size;
 #endif
 struct direntry direntry;                 /* directory entry */
 int first_dir = 1;								/* first dir entry seen? */
+unsigned long zoo_pointer = 0;                     /* Track our position in the file */
 
 static char extract_ver[] = "Zoo %d.%d is needed to extract %s.\n";
 static char no_space[] = "Insufficient disk space to extract %s.\n";
@@ -169,6 +170,9 @@ if (fiz_ofs != 0L) {                /* i
 		exit_status = 1;
    }
    zooseek (zoo_file, zoo_header.zoo_start, 0); /* seek to where data begins */
+
+   /* Begin tracking our position in the file */
+   zoo_pointer = zoo_header.zoo_start;
 }
 
 #ifndef PORTABLE
@@ -597,6 +601,12 @@ bit 23==0 and bit 22==1. */
    } /* end if */
 
 loop_again:
+
+   /* Make sure we are not seeking to already processed data */
+   if (next_ptr <= zoo_pointer)
+          prterror ('f', "ZOO chain structure is corrupted\n");
+   zoo_pointer = next_ptr;
+
    zooseek (zoo_file, next_ptr, 0); /* ..seek to next dir entry */
 } /* end while */
 
Index: zoolist.c
===================================================================
--- zoolist.c.orig	1991-07-11 21:08:04.000000000 +0200
+++ zoolist.c	2009-11-24 19:46:09.933625000 +0100
@@ -92,6 +92,7 @@ int genson = 1;					/* enable/disable ge
 int show_mode = 0;				/* show file protection */
 #endif
 int first_dir = 1;				/* if first direntry -- to adjust dat_ofs */
+unsigned long zoo_pointer = 0;         /* Track our position in the file */
 
 while (*option) {
    switch (*option) {
@@ -211,6 +212,9 @@ if (fiz_ofs != 0L) {                /* i
 		show_acmt (&zoo_header, zoo_file, 0);		/* show archive comment */
 	}
 
+   /* Begin tracking our position in the file */
+   zoo_pointer = zoo_header.zoo_start;
+
    /* Seek to the beginning of the first directory entry */
    if (zooseek (zoo_file, zoo_header.zoo_start, 0) != 0) {
       ercount++;
@@ -437,6 +441,11 @@ if (fiz_ofs != 0L) {                /* i
          if (verb_list && !fast)
             show_comment (&direntry, zoo_file, 0, (char *) NULL);
       } /* end if (lots of conditions) */
+
+      /* Make sure we are not seeking to already processed data */
+      if (direntry.next <= zoo_pointer)
+               prterror ('f', "ZOO chain structure is corrupted\n");
+      zoo_pointer = direntry.next;
    
 		/* ..seek to next dir entry */
       zooseek (zoo_file, direntry.next, 0);

Places

File zoo-2.10-security-infinite_loop.patch of Package zoo

Places