
Own branch of Oasis Linux (upstream: <https://git.sr.ht/~mcf/oasis/>) git clone https://anongit.hacktivis.me/git/oasis.git

0020-Fix-buffer-overflow-in-password-protected-zip-archiv.patch (1452B)


  1. From d8d3475850d883e90d79086293279149d42658fd Mon Sep 17 00:00:00 2001
  2. From: Karol Babioch <kbabioch@suse.com>
  3. Date: Sat, 15 Jun 2019 18:13:11 -0700
  4. Subject: [PATCH] Fix buffer overflow in password protected zip archives
  5. ---
  6. fileio.c | 14 +++++++++++++-
  7. 1 file changed, 13 insertions(+), 1 deletion(-)
  8. diff --git a/fileio.c b/fileio.c
  9. index 36bfea3..7c21ed0 100644
  10. --- a/fileio.c
  11. +++ b/fileio.c
  12. @@ -1582,6 +1582,10 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf, size, zfn, efn)
  13. int r = IZ_PW_ENTERED;
  14. char *m;
  15. char *prompt;
  16. + char *zfnf;
  17. + char *efnf;
  18. + size_t zfnfl;
  19. + int isOverflow;
  20. #ifndef REENTRANT
  21. /* tell picky compilers to shut up about "unused variable" warnings */
  22. @@ -1590,7 +1594,15 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf, size, zfn, efn)
  23. if (*rcnt == 0) { /* First call for current entry */
  24. *rcnt = 2;
  25. - if ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL) {
  26. + zfnf = FnFilter1(zfn);
  27. + efnf = FnFilter2(efn);
  28. + zfnfl = strlen(zfnf);
  29. + isOverflow = TRUE;
  30. + if (2*FILNAMSIZ >= zfnfl && (2*FILNAMSIZ - zfnfl) >= strlen(efnf))
  31. + {
  32. + isOverflow = FALSE;
  33. + }
  34. + if ((isOverflow == FALSE) && ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL)) {
  35. sprintf(prompt, LoadFarString(PasswPrompt),
  36. FnFilter1(zfn), FnFilter2(efn));
  37. m = prompt;
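Review bot: The `sprintf` at the end of this hunk is still unbounded, and it calls `FnFilter1(zfn)` and `FnFilter2(efn)` again instead of formatting the `zfnf`/`efnf` strings whose lengths were just checked. The guard therefore holds only if the second filter pass yields the same lengths and the fixed text of `PasswPrompt` fits in the `+ 15`. I would pass the measured pointers, `sprintf(prompt, LoadFarString(PasswPrompt), zfnf, efnf);`, and add a comment above the `malloc` such as `/* 15 = fixed characters of PasswPrompt plus the terminating NUL; keep in sync with the template */`; the template is not visible here, so that count needs confirming. The `if` opened on the `malloc` line continues outside the hunk, so the `isOverflow == TRUE` case presumably shares the fallback used for a failed `malloc`. It is worth confirming that this path does not format the filenames into a fixed-size buffer as well.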
  38. --
  39. 2.20.1