-rw-r--r--pkgs/tools/archivers/unzip/CVE-2014-9636.diff9
1 files changed, 5 insertions, 4 deletions
diff --git a/pkgs/tools/archivers/unzip/CVE-2014-9636.diff b/pkgs/tools/archivers/unzip/CVE-2014-9636.diff
index aeaf3e70de6e..d4c7f752975e 100644
--- a/pkgs/tools/archivers/unzip/CVE-2014-9636.diff
+++ b/pkgs/tools/archivers/unzip/CVE-2014-9636.diff
@@ -1,6 +1,6 @@
-From a9bfab5b52d08879bbc5e0991684b700127ddcff Mon Sep 17 00:00:00 2001
+From 190040ebfcf5395a6ccedede2cc9343d34f0a108 Mon Sep 17 00:00:00 2001
 From: mancha <mancha1 AT zoho DOT com>
-Date: Mon, 3 Nov 2014
+Date: Wed, 11 Feb 2015
 Subject: Info-ZIP UnZip buffer overflow
 
 By carefully crafting a corrupt ZIP archive with "extra fields" that
@@ -26,12 +26,13 @@ This patch ensures that when extra fields use STORED mode, the
  
      if (compr_offset < 4)                /* field is not compressed: */
          return PK_OK;                    /* do nothing and signal OK */
-@@ -2226,6 +2227,12 @@ static int test_compr_eb(__G__ eb, eb_si
+@@ -2226,6 +2227,13 @@ static int test_compr_eb(__G__ eb, eb_si
           eb_size <= (compr_offset + EB_CMPRHEADLEN)))
          return IZ_EF_TRUNC;               /* no compressed data! */
  
 +    method = makeword(eb + (EB_HEADSIZE + compr_offset));
-+    if ((method == STORED) && (eb_size - compr_offset != eb_ucsize))
++    if ((method == STORED) &&
++        (eb_size - compr_offset - EB_CMPRHEADLEN != eb_ucsize))
 +	return PK_ERR;			  /* compressed & uncompressed
 +					   * should match in STORED
 +					   * method */
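Review bot: The corrected STORED check in test_compr_eb still computes `eb_size - compr_offset - EB_CMPRHEADLEN` before comparing it with eb_ucsize, and if these sizes are unsigned (their declarations are outside the hunk) that difference wraps to a large value whenever eb_size is smaller than compr_offset + EB_CMPRHEADLEN. Only the tail of the preceding IZ_EF_TRUNC guard is visible here, so the hunk does not show that every such short field is rejected before this line; if the guard is conditional on other fields, a wrapped difference could be compared against an attacker-supplied eb_ucsize. Making the lower bound explicit removes that dependency: `if ((method == STORED) && (eb_size < compr_offset + EB_CMPRHEADLEN ||` followed by `eb_size - compr_offset - EB_CMPRHEADLEN != eb_ucsize))`. The same bound would also show that the two bytes read by `makeword(eb + (EB_HEADSIZE + compr_offset))` lie inside the field. The function body continues outside the hunk on both sides.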