rpms / unzip

Clone
Source Code
GIT

Blame SOURCES/unzip-zipbomb-part5.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c7-ppc64le c8 c8-beta c8s c9 c9-beta
  1.   d8d82baec3dec817cdb102a804e758ffb17fc63b
  2.   SOURCES
  3.   unzip-zipbomb-part5.patch
Blob History Raw
1de2b3 
From 5c572555cf5d80309a07c30cf7a54b2501493720 Mon Sep 17 00:00:00 2001
1de2b3 
From: Mark Adler <madler@alumni.caltech.edu>
1de2b3 
Date: Sun, 9 Feb 2020 21:39:09 -0800
1de2b3 
Subject: [PATCH] Fix bug in UZinflate() that incorrectly updated G.incnt.
1de2b3
1de2b3 
The update assumed a full buffer, which is not always full. This
1de2b3 
could result in a false overlapped element detection when a small
1de2b3 
deflate-compressed file was unzipped using an old zlib. This
1de2b3 
commit remedies that.
1de2b3 
---
1de2b3 
 inflate.c | 2 +-
1de2b3 
 1 file changed, 1 insertion(+), 1 deletion(-)
1de2b3
1de2b3 
diff --git a/inflate.c b/inflate.c
1de2b3 
index 2f5a015..70e3cc0 100644
1de2b3 
--- a/inflate.c
1de2b3 
+++ b/inflate.c
1de2b3 
@@ -700,7 +700,7 @@ int UZinflate(__G__ is_defl64)
1de2b3 
       G.dstrm.total_out));
1de2b3
1de2b3 
     G.inptr = (uch *)G.dstrm.next_in;
1de2b3 
-    G.incnt = (G.inbuf + INBUFSIZ) - G.inptr;  /* reset for other routines */
1de2b3 
+    G.incnt -= G.inptr - G.inbuf;       /* reset for other routines */
1de2b3
1de2b3 
 uzinflate_cleanup_exit:
1de2b3 
     err = inflateReset(&G.dstrm);

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation