rpms / unzip

Clone
Source Code
GIT

Blame SOURCES/unzip-6.0-cve-2018-1000035-heap-based-overflow.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c7-ppc64le c8 c8-beta c8s c9 c9-beta
  1.   c6daa47e91a7cc0e22261a34d9a09fa69307719c
  2.   SOURCES
  3.   unzip-6.0-cve-2018-1000035-heap-based-overflow.patch
Blob History Raw
02d1f3 
--- a/fileio.c	2014-12-05 05:06:05 -0600
02d1f3 
+++ b/fileio.c	2017-11-14 01:06:28 -0600
02d1f3 
@@ -1,5 +1,5 @@
02d1f3 
 /*
02d1f3 
-  Copyright (c) 1990-2009 Info-ZIP.  All rights reserved.
02d1f3 
+  Copyright (c) 1990-2017 Info-ZIP.  All rights reserved.
02d1f3
02d1f3 
   See the accompanying file LICENSE, version 2009-Jan-02 or later
02d1f3 
   (the contents of which are also included in unzip.h) for terms of use.
02d1f3 
@@ -1582,6 +1582,8 @@
02d1f3 
     int r = IZ_PW_ENTERED;
02d1f3 
     char *m;
02d1f3 
     char *prompt;
02d1f3 
+    char *ep;
02d1f3 
+    char *zp;
02d1f3
02d1f3 
 #ifndef REENTRANT
02d1f3 
     /* tell picky compilers to shut up about "unused variable" warnings */
02d1f3 
@@ -1590,9 +1592,12 @@
02d1f3
02d1f3 
     if (*rcnt == 0) {           /* First call for current entry */
02d1f3 
         *rcnt = 2;
02d1f3 
-        if ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL) {
02d1f3 
-            sprintf(prompt, LoadFarString(PasswPrompt),
02d1f3 
-                    FnFilter1(zfn), FnFilter2(efn));
02d1f3 
+        zp = FnFilter1( zfn);
02d1f3 
+        ep = FnFilter2( efn);
02d1f3 
+        prompt = (char *)malloc(        /* Slightly too long (2* "%s"). */
02d1f3 
+         sizeof( PasswPrompt)+ strlen( zp)+ strlen( ep));
02d1f3 
+        if (prompt != (char *)NULL) {
02d1f3 
+            sprintf(prompt, LoadFarString(PasswPrompt), zp, ep);
02d1f3 
             m = prompt;
02d1f3 
         } else
02d1f3 
             m = (char *)LoadFarString(PasswPrompt2);

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation