Blame SOURCES/unzip-zipbomb-part4.patch

From 5e2efcd633a4a1fb95a129a75508e7d769e767be Mon Sep 17 00:00:00 2001
From: Mark Adler <madler@alumni.caltech.edu>
Date: Sun, 9 Feb 2020 20:36:28 -0800
Subject: [PATCH] Fix bug in UZbunzip2() that incorrectly updated G.incnt.
The update assumed a full buffer, which is not always full. This
could result in a false overlapped element detection when a small
bzip2-compressed file was unzipped. This commit remedies that.
---
 extract.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/extract.c b/extract.c
index d9866f9..0cb7bfc 100644
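--- a/extract.c
+++ b/extract.c
@@ -3010,7 +3010,7 @@ __GDEF
 #endif
 
     G.inptr = (uch *)bstrm.next_in;
-    G.incnt = (G.inbuf + INBUFSIZ) - G.inptr;  /* reset for other routines */
+    G.incnt -= G.inptr - G.inbuf;       /* reset for other routines */
 
 uzbunzip_cleanup_exit:
     err = BZ2_bzDecompressEnd(&bstrm);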
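Review bot: The new `G.incnt -= G.inptr - G.inbuf;` is correct only if G.incnt still holds the number of valid bytes counted from G.inbuf when this line runs, and nothing in the hunk shows or states that invariant. Because the commit message ties this counter to overlapped-element detection, I would replace the now-misleading `/* reset for other routines */` with something like `/* G.incnt counted from G.inbuf; drop the bytes bzip2 consumed */`. If the invariant can be broken by a malformed archive, the subtraction could leave G.incnt negative, so a defensive check such as `if (G.incnt < 0) G.incnt = 0;` (or an error return) may be worth adding, presumably after confirming how the callers use the value. The function body starts and ends outside this hunk, so the fill logic for G.inbuf should be checked there.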