logo

oasis

Own branch of Oasis Linux (upstream: <https://git.sr.ht/~mcf/oasis/>) git clone https://anongit.hacktivis.me/git/oasis.git

0016-extract-prevent-unsigned-overflow-on-invalid-input.patch (1318B)


  1. From c2b00ce1582efdb781355dfa7b161b5393cfa56f Mon Sep 17 00:00:00 2001
  2. From: Kamil Dudka <kdudka@redhat.com>
  3. Date: Tue, 22 Sep 2015 18:52:23 +0200
  4. Subject: [PATCH] extract: prevent unsigned overflow on invalid input
  5. Suggested-by: Stefan Cornelius
  6. ---
  7. extract.c | 11 ++++++++++-
  8. 1 file changed, 10 insertions(+), 1 deletion(-)
  9. diff --git a/extract.c b/extract.c
  10. index 188f1cf..549a5eb 100644
  11. --- a/extract.c
  12. +++ b/extract.c
  13. @@ -1257,8 +1257,17 @@ static int extract_or_test_entrylist(__G__ numchunk,
  14. if (G.lrec.compression_method == STORED) {
  15. zusz_t csiz_decrypted = G.lrec.csize;
  16. - if (G.pInfo->encrypted)
  17. + if (G.pInfo->encrypted) {
  18. + if (csiz_decrypted < 12) {
  19. + /* handle the error now to prevent unsigned overflow */
  20. + Info(slide, 0x401, ((char *)slide,
  21. + LoadFarStringSmall(ErrUnzipNoFile),
  22. + LoadFarString(InvalidComprData),
  23. + LoadFarStringSmall2(Inflate)));
  24. + return PK_ERR;
  25. + }
  26. csiz_decrypted -= 12;
  27. + }
  28. if (G.lrec.ucsize != csiz_decrypted) {
  29. Info(slide, 0x401, ((char *)slide,
  30. LoadFarStringSmall2(WrnStorUCSizCSizDiff),
  31. --
  32. 2.20.1