Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.0:Staging:D
zziplib
CVE-2018-7725.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2018-7725.patch of Package zziplib
Index: zziplib-0.13.69/zzip/memdisk.c =================================================================== --- zziplib-0.13.69.orig/zzip/memdisk.c +++ zziplib-0.13.69/zzip/memdisk.c @@ -222,6 +222,14 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI item->zz_filetype = zzip_disk_entry_get_filetype(entry); /* + * If zz_data+zz_csize exceeds the size of the file, bail out + */ + if ((item->zz_data + item->zz_csize) < disk->buffer || + (item->zz_data + item->zz_csize) >= disk->endbuf) + { + goto error; + } + /* * If the file is uncompressed, zz_csize and zz_usize should be the same * If they are not, we cannot guarantee that either is correct, so ... */ Index: zziplib-0.13.69/zzip/zip.c =================================================================== --- zziplib-0.13.69.orig/zzip/zip.c +++ zziplib-0.13.69/zzip/zip.c @@ -408,7 +408,7 @@ __zzip_parse_root_directory(int fd, struct _disk_trailer *trailer, struct zzip_dir_hdr **hdr_return, zzip_plugin_io_t io, - zzip_off_t filesize); + zzip_off_t filesize) { auto struct zzip_disk_entry dirent; struct zzip_dir_hdr *hdr;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor