1 Source: |
2 https://bugzilla.redhat.com/show_bug.cgi?id=1174844 |
3 Info: |
4 http://www.ocert.org/advisories/ocert-2014-011.html |
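--- a/unzip60/extract.c
+++ b/unzip60/extract.c
@@ -1,5 +1,5 @@
 /*
- Copyright (c) 1990-2009 Info-ZIP. All rights reserved.
+ Copyright (c) 1990-2014 Info-ZIP. All rights reserved.
 
 See the accompanying file LICENSE, version 2009-Jan-02 or later
 (the contents of which are also included in unzip.h) for terms of use.
@@ -298,6 +298,8 @@
 #ifndef SFX
 static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \
 EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n";
+ static ZCONST char Far TooSmallEFlength[] = "bad extra-field entry:\n \
+ EF block length (%u bytes) invalid (< %d)\n";
 static ZCONST char Far InvalidComprDataEAs[] =
 " invalid compressed data for EAs\n";
 # if (defined(WIN32) && defined(NTSD_EAS))
@@ -2023,7 +2025,8 @@
 ebID = makeword(ef);
 ebLen = (unsigned)makeword(ef+EB_LEN);
 
- if (ebLen > (ef_len - EB_HEADSIZE)) {
+ if (ebLen > (ef_len - EB_HEADSIZE))
+ {
 /* Discovered some extra field inconsistency! */
 if (uO.qflag)
 Info(slide, 1, ((char *)slide, "%-22s ",
@@ -2032,6 +2035,16 @@
 ebLen, (ef_len - EB_HEADSIZE)));
 return PK_ERR;
 }
+ else if (ebLen < EB_HEADSIZE)
+ {
+ /* Extra block length smaller than header length. */
+ if (uO.qflag)
+ Info(slide, 1, ((char *)slide, "%-22s ",
+ FnFilter1(G.filename)));
+ Info(slide, 1, ((char *)slide, LoadFarString(TooSmallEFlength),
+ ebLen, EB_HEADSIZE));
+ return PK_ERR;
+ }
 
 switch (ebID) {
 case EF_OS2: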
51 |