Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.2:Update
unzip
CVE-2014-9913.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2014-9913.patch of Package unzip
Index: unzip60/list.c =================================================================== --- unzip60.orig/list.c +++ unzip60/list.c @@ -339,7 +339,18 @@ int list_files(__G) /* return PK-type G.crec.compression_method == ENHDEFLATED) { methbuf[5] = dtype[(G.crec.general_purpose_bit_flag>>1) & 3]; } else if (methnum >= NUM_METHODS) { - sprintf(&methbuf[4], "%03u", G.crec.compression_method); + /* 2013-02-26 SMS. + * http://sourceforge.net/p/infozip/bugs/27/ CVE-2014-9913. + * Unexpectedly large compression methods overflow + * &methbuf[]. Use the old, three-digit decimal format + * for values which fit. Otherwise, sacrifice the + * colon, and use four-digit hexadecimal. + */ + if (G.crec.compression_method <= 999) { + sprintf( &methbuf[ 4], "%03u", G.crec.compression_method); + } else { + sprintf( &methbuf[ 3], "%04X", G.crec.compression_method); + } } #if 0 /* GRR/Euro: add this? */
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor