author | Rich Burridge <rich.burridge@oracle.com> |
Thu, 13 Apr 2017 13:20:29 -0700 | |
changeset 7864 | f11e8d81786a |
parent 7568 | fa3a8a49f433 |
permissions | -rw-r--r-- |
Patch based on http://seclists.org/oss-sec/2016/q4/600 |
The community plans to fix this security vulnerability in a future |
release, so we will not pass this patch to the community. |
|
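--- a/unzip60/zipinfo.c
+++ b/unzip60/zipinfo.c
@@ -1987,7 +1987,18 @@
 ush dnum=(ush)((G.crec.general_purpose_bit_flag>>1) & 3);
 methbuf[3] = dtype[dnum];
 } else if (methnum >= NUM_METHODS) { /* unknown */
- sprintf(&methbuf[1], "%03u", G.crec.compression_method);
+ /* 2016-12-05 SMS.
+ * https://launchpad.net/bugs/1643750
+ * Unexpectedly large compression methods overflow
+ * &methbuf[]. Use the old, three-digit decimal format
+ * for values which fit. Otherwise, sacrifice the "u",
+ * and use four-digit hexadecimal.
+ */
+ if (G.crec.compression_method <= 999) {
+ sprintf(&methbuf[1], "%03u", G.crec.compression_method);
+ } else {
+ sprintf(&methbuf[0], "%04X", G.crec.compression_method);
+ }
 }
 
 for (k = 0; k < 15; ++k)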
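Review bot: Both `sprintf` calls in the `methnum >= NUM_METHODS` branch still write into `methbuf` with no stated bound, so the fix holds only while `G.crec.compression_method` never exceeds 16 bits and `methbuf` has room for four characters plus the terminator; neither declaration is visible in this hunk. Making the limit explicit at the call would keep that guarantee local, e.g. `sprintf(&methbuf[0], "%04X", (unsigned)(G.crec.compression_method & 0xFFFF));`, or `snprintf` with the buffer size where the target compilers provide it. The cast also matches the `%u`/`%X` conversions, which expect `unsigned int` rather than a promoted `ush`. The enclosing function starts and ends outside the hunk.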