File CVE-2018-7726.patch of Package zziplib

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2018-7726.patch of Package zziplib (Revision 1ef3c23fd03e74b64540ce5972f38697)

Currently displaying revision 1ef3c23fd03e74b64540ce5972f38697 , Show latest

Index: zziplib-0.13.69/docs/zziplib.html
===================================================================
--- zziplib-0.13.69.orig/docs/zziplib.html
+++ zziplib-0.13.69/docs/zziplib.html
@@ -415,7 +415,8 @@ generated 2003-12-12
 <code>(int fd,
 struct zzip_disk_trailer * trailer,
 struct zzip_dir_hdr ** hdr_return,
-zzip_plugin_io_t io)</code>
+zzip_plugin_io_t io,
+zzip_off_t filesize)</code>
 
 </td></tr><tr valign="top">
 <td valign="top"><code>ZZIP_DIR*
@@ -1091,7 +1092,8 @@ generated 2003-12-12
 <code>(int fd,
 struct zzip_disk_trailer * trailer,
 struct zzip_dir_hdr ** hdr_return,
-zzip_plugin_io_t io)</code>
+zzip_plugin_io_t io,
+zzip_off_t filesize)</code>
 
 </code></code><dt>
 <dd> &nbsp;(../zzip/zip.c)
Index: zziplib-0.13.69/zzip/zip.c
===================================================================
--- zziplib-0.13.69.orig/zzip/zip.c
+++ zziplib-0.13.69/zzip/zip.c
@@ -82,7 +82,8 @@ int __zzip_fetch_disk_trailer(int fd, zz
 int __zzip_parse_root_directory(int fd,
 struct _disk_trailer *trailer,
 struct zzip_dir_hdr **hdr_return,
- zzip_plugin_io_t io);
+ zzip_plugin_io_t io,
+				zzip_off_t filesize);
 
 _zzip_inline static char *__zzip_aligned4(char *p);
 
@@ -406,7 +407,8 @@ int
 __zzip_parse_root_directory(int fd,
 struct _disk_trailer *trailer,
 struct zzip_dir_hdr **hdr_return,
- zzip_plugin_io_t io)
+ zzip_plugin_io_t io,
+			 zzip_off_t filesize);
 {
 auto struct zzip_disk_entry dirent;
 struct zzip_dir_hdr *hdr;
@@ -421,6 +423,9 @@ __zzip_parse_root_directory(int fd,
 zzip_off64_t zz_rootseek = _disk_trailer_rootseek(trailer);
 __correct_rootseek(zz_rootseek, zz_rootsize, trailer);
 
+ if (zz_rootsize <= 0 || zz_rootseek < 0 || zz_rootseek >= filesize)
+ 	return ZZIP_CORRUPTED;
+
 if (zz_entries < 0 || zz_rootseek < 0 || zz_rootsize < 0)
 return ZZIP_CORRUPTED;
 
@@ -755,7 +760,7 @@ __zzip_dir_parse(ZZIP_DIR * dir)
 (long) _disk_trailer_rootseek(&trailer));
 
 if ((rv = __zzip_parse_root_directory(dir->fd, &trailer, &dir->hdr0,
- dir->io)) != 0)
+ dir->io, filesize)) != 0)
 { goto error; }
 error:
 return rv;

Places

File CVE-2018-7726.patch of Package zziplib (Revision 1ef3c23fd03e74b64540ce5972f38697)

Places