Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Factory
unzip
CVE-2015-7697.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2015-7697.patch of Package unzip
From: Kamil Dudka <kdudka@redhat.com> Date: Mon, 14 Sep 2015 18:24:56 +0200 Subject: fix infinite loop when extracting empty bzip2 data Bug-Debian: https://bugs.debian.org/802160 Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1260944 Origin: other, https://bugzilla.redhat.com/attachment.cgi?id=1073339 --- extract.c | 6 ++++++ 1 file changed, 6 insertions(+) Index: unzip60/extract.c =================================================================== --- unzip60.orig/extract.c +++ unzip60/extract.c @@ -2721,6 +2721,12 @@ __GDEF int repeated_buf_err; bz_stream bstrm; + if (G.incnt <= 0 && G.csize <= 0L) { + /* avoid an infinite loop */ + Trace((stderr, "UZbunzip2() got empty input\n")); + return 2; + } + #if (defined(DLL) && !defined(NO_SLIDE_REDIR)) if (G.redirect_slide) wsize = G.redirect_size, redirSlide = G.redirect_buffer; Index: unzip60/zipinfo.c =================================================================== --- unzip60.orig/zipinfo.c +++ unzip60/zipinfo.c @@ -1888,7 +1888,7 @@ static int zi_short(__G) /* return PK- int k, error, error_in_archive=PK_COOL; unsigned hostnum, hostver, methid, methnum, xattr; char *p, workspace[12], attribs[16]; - char methbuf[5]; + char methbuf[1+5+1]; /* large enough to hold 1 character + an unsigned short + NUL */ static ZCONST char dtype[5]="NXFS"; /* normal, maximum, fast, superfast */ static ZCONST char Far os[NUM_HOSTS+1][4] = { "fat", "ami", "vms", "unx", "cms", "atr", "hpf", "mac", "zzz",
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor