File CVE-2018-1000035.patch of Package unzip

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2018-1000035.patch of Package unzip

From: <kbabioch@suse.com>
Date: Thu Feb  8 15:10:03 CET 2018
Upstream: merged
References: http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=548

Index: fileio.c
===================================================================
--- fileio.c.orig
+++ fileio.c
@@ -1613,7 +1613,11 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf,
     int r = IZ_PW_ENTERED;
     char *m;
     char *prompt;
-
+    char *zfnf;
+    char *efnf;
+    size_t zfnfl;
+    int isOverflow;
+    
 #ifndef REENTRANT
     /* tell picky compilers to shut up about "unused variable" warnings */
     pG = pG;
@@ -1621,7 +1625,15 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf,
 
     if (*rcnt == 0) {           /* First call for current entry */
         *rcnt = 2;
-        if ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL) {
+        zfnf = FnFilter1(zfn);
+        efnf = FnFilter2(efn);
+        zfnfl = strlen(zfnf);
+        isOverflow = TRUE;
+        if (2*FILNAMSIZ >= zfnfl && (2*FILNAMSIZ - zfnfl) >= strlen(efnf))
+        {
+		isOverflow = FALSE;
+        }
+        if ((isOverflow == FALSE) && ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL)) {
             sprintf(prompt, LoadFarString(PasswPrompt),
                     FnFilter1(zfn), FnFilter2(efn));
             m = prompt;

Places

File CVE-2018-1000035.patch of Package unzip

Places