File CVE-2018-6381.patch of Package zziplib.35221

Index: zziplib-0.13.67/zzip/memdisk.c
===================================================================
--- zziplib-0.13.67.orig/zzip/memdisk.c
+++ zziplib-0.13.67/zzip/memdisk.c
@@ -209,6 +209,14 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI
     item->zz_diskstart = zzip_disk_entry_get_diskstart(entry);
     item->zz_filetype = zzip_disk_entry_get_filetype(entry);
 
+    /*
+     * If the file is uncompressed, zz_csize and zz_usize should be the same
+     * If they are not, we cannot guarantee that either is correct, so ...
+     */
+    if (item->zz_compr == ZZIP_IS_STORED && item->zz_csize != item->zz_usize)
+    {
+        goto error;
+    }
     /* zz_comment and zz_name are empty strings if not present on disk */
     if (! item->zz_comment || ! item->zz_name)
     {
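Review bot: The added guard on `ZZIP_IS_STORED` entries only compares `zz_csize` with `zz_usize`; nothing in the visible lines bounds either value against the bytes actually present in the archive, so a stored entry whose two sizes agree but overstate the available data would still pass this check. If that bound is not enforced elsewhere in zzip_mem_entry_new or in the read path, it belongs next to this test, since both fields come straight from the untrusted file. The comment also trails off at `so ...`; finishing it as `* If they are not, we cannot guarantee that either is correct, so reject the entry.` records the decision. The function body and the `error` label lie outside the hunk, so it is worth confirming that this path releases `item`.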