Blame SOURCES/CVE-2018-7726.part2.patch
|
 |
a995b3 |
From 19c9e4dc6c5cf92a38d0d23dbccac6993f9c41be Mon Sep 17 00:00:00 2001
|
|
|
a995b3 |
From: Guido Draheim <guidod@gmx.de>
|
|
|
a995b3 |
Date: Tue, 13 Mar 2018 01:50:36 +0100
|
|
|
a995b3 |
Subject: [PATCH] check rootseek after correction #41
|
|
|
a995b3 |
|
|
|
a995b3 |
---
|
|
|
a995b3 |
zzip/zip.c | 9 ++++++---
|
|
|
a995b3 |
1 file changed, 6 insertions(+), 3 deletions(-)
|
|
|
a995b3 |
|
|
|
a995b3 |
diff --git a/zzip/zip.c b/zzip/zip.c
|
|
|
a995b3 |
index 6be8d7c..0d79d52 100644
|
|
|
a995b3 |
--- a/zzip/zip.c
|
|
|
a995b3 |
+++ b/zzip/zip.c
|
|
|
a995b3 |
@@ -1,4 +1,3 @@
|
|
|
a995b3 |
-
|
|
|
a995b3 |
/*
|
|
|
a995b3 |
* Author:
|
|
|
a995b3 |
* Guido Draheim <guidod@gmx.de>
|
|
|
a995b3 |
@@ -422,6 +421,9 @@ __zzip_parse_root_directory(int fd,
|
|
|
a995b3 |
zzip_off64_t zz_rootseek = _disk_trailer_rootseek(trailer);
|
|
|
a995b3 |
__correct_rootseek(zz_rootseek, zz_rootsize, trailer);
|
|
|
a995b3 |
|
|
|
a995b3 |
+ if (zz_entries < 0 || zz_rootseek < 0 || zz_rootseek < 0)
|
|
|
a995b3 |
+ return ZZIP_CORRUPTED;
|
|
|
a995b3 |
+
|
|
|
a995b3 |
hdr0 = (struct zzip_dir_hdr *) malloc(zz_rootsize);
|
|
|
a995b3 |
if (! hdr0)
|
|
|
a995b3 |
return ZZIP_DIRSIZE;
|
|
|
a995b3 |
@@ -465,8 +467,9 @@ __zzip_parse_root_directory(int fd,
|
|
|
a995b3 |
# endif
|
|
|
a995b3 |
|
|
|
a995b3 |
if (fd_map)
|
|
|
a995b3 |
- { d = (void*)(fd_map+zz_fd_gap+zz_offset); } /* fd_map+fd_gap==u_rootseek */
|
|
|
a995b3 |
- else
|
|
|
a995b3 |
+ {
|
|
|
a995b3 |
+ d = (void*)(fd_map+zz_fd_gap+zz_offset); /* fd_map+fd_gap==u_rootseek */
|
|
|
a995b3 |
+ } else
|
|
|
a995b3 |
{
|
|
|
a995b3 |
if (io->fd.seeks(fd, zz_rootseek + zz_offset, SEEK_SET) < 0)
|
|
|
a995b3 |
return ZZIP_DIR_SEEK;
|