Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.2:Staging:B
zziplib
CVE-2018-7726.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2018-7726.patch of Package zziplib
Index: zziplib-0.13.69/docs/zziplib.html =================================================================== --- zziplib-0.13.69.orig/docs/zziplib.html +++ zziplib-0.13.69/docs/zziplib.html @@ -415,7 +415,8 @@ generated 2003-12-12 <code>(<nobr>int fd</nobr>, <nobr>struct zzip_disk_trailer * trailer</nobr>, <nobr>struct zzip_dir_hdr ** hdr_return</nobr>, -<nobr>zzip_plugin_io_t io</nobr>)</code> +<nobr>zzip_plugin_io_t io</nobr>, +<nobr>zzip_off_t filesize</nobr>)</code> </td></tr><tr valign="top"> <td valign="top"><code>ZZIP_DIR* @@ -1091,7 +1092,8 @@ generated 2003-12-12 <code>(<nobr>int fd</nobr>, <nobr>struct zzip_disk_trailer * trailer</nobr>, <nobr>struct zzip_dir_hdr ** hdr_return</nobr>, -<nobr>zzip_plugin_io_t io</nobr>)</code> +<nobr>zzip_plugin_io_t io</nobr>, +<nobr>zzip_off_t filesize</nobr>)</code> </code></code><dt> <dd><p> (../zzip/zip.c) Index: zziplib-0.13.69/zzip/zip.c =================================================================== --- zziplib-0.13.69.orig/zzip/zip.c +++ zziplib-0.13.69/zzip/zip.c @@ -82,7 +82,8 @@ int __zzip_fetch_disk_trailer(int fd, zz int __zzip_parse_root_directory(int fd, struct _disk_trailer *trailer, struct zzip_dir_hdr **hdr_return, - zzip_plugin_io_t io); + zzip_plugin_io_t io, + zzip_off_t filesize); _zzip_inline static char *__zzip_aligned4(char *p); @@ -406,7 +407,8 @@ int __zzip_parse_root_directory(int fd, struct _disk_trailer *trailer, struct zzip_dir_hdr **hdr_return, - zzip_plugin_io_t io) + zzip_plugin_io_t io, + zzip_off_t filesize); { auto struct zzip_disk_entry dirent; struct zzip_dir_hdr *hdr; @@ -421,6 +423,9 @@ __zzip_parse_root_directory(int fd, zzip_off64_t zz_rootseek = _disk_trailer_rootseek(trailer); __correct_rootseek(zz_rootseek, zz_rootsize, trailer); + if (zz_rootsize <= 0 || zz_rootseek < 0 || zz_rootseek >= filesize) + return ZZIP_CORRUPTED; + if (zz_entries < 0 || zz_rootseek < 0 || zz_rootsize < 0) return ZZIP_CORRUPTED; @@ -755,7 +760,7 @@ __zzip_dir_parse(ZZIP_DIR * dir) (long) _disk_trailer_rootseek(&trailer)); if ((rv = __zzip_parse_root_directory(dir->fd, &trailer, &dir->hdr0, - dir->io)) != 0) + dir->io, filesize)) != 0) { goto error; } error: return rv;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
