0020-Fix-buffer-overflow-in-password-protected-zip-archiv.patch (1452B)
- From d8d3475850d883e90d79086293279149d42658fd Mon Sep 17 00:00:00 2001
- From: Karol Babioch <kbabioch@suse.com>
- Date: Sat, 15 Jun 2019 18:13:11 -0700
- Subject: [PATCH] Fix buffer overflow in password protected zip archives
- ---
- fileio.c | 14 +++++++++++++-
- 1 file changed, 13 insertions(+), 1 deletion(-)
- diff --git a/fileio.c b/fileio.c
- index 36bfea3..7c21ed0 100644
- --- a/fileio.c
- +++ b/fileio.c
- @@ -1582,6 +1582,10 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf, size, zfn, efn)
- int r = IZ_PW_ENTERED;
- char *m;
- char *prompt;
- + char *zfnf;
- + char *efnf;
- + size_t zfnfl;
- + int isOverflow;
- #ifndef REENTRANT
- /* tell picky compilers to shut up about "unused variable" warnings */
- @@ -1590,7 +1594,15 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf, size, zfn, efn)
- if (*rcnt == 0) { /* First call for current entry */
- *rcnt = 2;
- - if ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL) {
- + zfnf = FnFilter1(zfn);
- + efnf = FnFilter2(efn);
- + zfnfl = strlen(zfnf);
- + isOverflow = TRUE;
- + if (2*FILNAMSIZ >= zfnfl && (2*FILNAMSIZ - zfnfl) >= strlen(efnf))
- + {
- + isOverflow = FALSE;
- + }
- + if ((isOverflow == FALSE) && ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL)) {
- sprintf(prompt, LoadFarString(PasswPrompt),
- FnFilter1(zfn), FnFilter2(efn));
- m = prompt;
- --
- 2.20.1