Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:15-SP4
unzip.9128
CVE-2018-1000035.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2018-1000035.patch of Package unzip.9128
From: <kbabioch@suse.com> Date: Thu Feb 8 15:10:03 CET 2018 Upstream: merged References: http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=548 Index: fileio.c =================================================================== --- fileio.c.orig +++ fileio.c @@ -1613,7 +1613,11 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf, int r = IZ_PW_ENTERED; char *m; char *prompt; - + char *zfnf; + char *efnf; + size_t zfnfl; + int isOverflow; + #ifndef REENTRANT /* tell picky compilers to shut up about "unused variable" warnings */ pG = pG; @@ -1621,7 +1625,15 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf, if (*rcnt == 0) { /* First call for current entry */ *rcnt = 2; - if ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL) { + zfnf = FnFilter1(zfn); + efnf = FnFilter2(efn); + zfnfl = strlen(zfnf); + isOverflow = TRUE; + if (2*FILNAMSIZ >= zfnfl && (2*FILNAMSIZ - zfnfl) >= strlen(efnf)) + { + isOverflow = FALSE; + } + if ((isOverflow == FALSE) && ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL)) { sprintf(prompt, LoadFarString(PasswPrompt), FnFilter1(zfn), FnFilter2(efn)); m = prompt;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor