| commit | author | age | ||
| 39288c | 1 | This patch is verbatim copy of unzip-6.0-cve-2014-8139.patch from unzip-6.0-57.fc36.src.rpm |
| 64ee97 | 2 | |
| 39288c | 3 | diff --git a/extract.c b/extract.c |
| MT | 4 | index 9ef80b3..c741b5f 100644 |
| 64ee97 | 5 | --- a/extract.c |
| AP | 6 | +++ b/extract.c |
| 7 | @@ -1,5 +1,5 @@ | |
| 8 | /* | |
| 9 | - Copyright (c) 1990-2009 Info-ZIP. All rights reserved. | |
| 10 | + Copyright (c) 1990-2014 Info-ZIP. All rights reserved. | |
| 11 | ||
| 12 | See the accompanying file LICENSE, version 2009-Jan-02 or later | |
| 13 | (the contents of which are also included in unzip.h) for terms of use. | |
| 39288c | 14 | @@ -298,6 +298,8 @@ char ZCONST Far TruncNTSD[] = |
| 64ee97 | 15 | #ifndef SFX |
| AP | 16 | static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \ |
| 17 | EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n"; | |
| 39288c | 18 | + static ZCONST char Far TooSmallEBlength[] = "bad extra-field entry:\n \ |
| 64ee97 | 19 | + EF block length (%u bytes) invalid (< %d)\n"; |
| AP | 20 | static ZCONST char Far InvalidComprDataEAs[] = |
| 21 | " invalid compressed data for EAs\n"; | |
| 22 | # if (defined(WIN32) && defined(NTSD_EAS)) | |
| 39288c | 23 | @@ -2020,7 +2022,8 @@ static int TestExtraField(__G__ ef, ef_len) |
| 64ee97 | 24 | ebID = makeword(ef); |
| AP | 25 | ebLen = (unsigned)makeword(ef+EB_LEN); |
| 26 | ||
| 27 | - if (ebLen > (ef_len - EB_HEADSIZE)) { | |
| 28 | + if (ebLen > (ef_len - EB_HEADSIZE)) | |
| 29 | + { | |
| 30 | /* Discovered some extra field inconsistency! */ | |
| 31 | if (uO.qflag) | |
| 32 | Info(slide, 1, ((char *)slide, "%-22s ", | |
| 39288c | 33 | @@ -2155,11 +2158,29 @@ static int TestExtraField(__G__ ef, ef_len) |
| MT | 34 | } |
| 35 | break; | |
| 36 | case EF_PKVMS: | |
| 37 | - if (makelong(ef+EB_HEADSIZE) != | |
| 38 | - crc32(CRCVAL_INITIAL, ef+(EB_HEADSIZE+4), | |
| 39 | - (extent)(ebLen-4))) | |
| 40 | - Info(slide, 1, ((char *)slide, | |
| 41 | - LoadFarString(BadCRC_EAs))); | |
| 42 | + /* 2015-01-30 SMS. Added sufficient-bytes test/message | |
| 43 | + * here. (Removed defective ebLen test above.) | |
| 44 | + * | |
| 45 | + * If sufficient bytes (EB_PKVMS_MINLEN) are available, | |
| 46 | + * then compare the stored CRC value with the calculated | |
| 47 | + * CRC for the remainder of the data (and complain about | |
| 48 | + * a mismatch). | |
| 49 | + */ | |
| 50 | + if (ebLen < EB_PKVMS_MINLEN) | |
| 51 | + { | |
| 52 | + /* Insufficient bytes available. */ | |
| 53 | + Info( slide, 1, | |
| 54 | + ((char *)slide, LoadFarString( TooSmallEBlength), | |
| 55 | + ebLen, EB_PKVMS_MINLEN)); | |
| 56 | + } | |
| 57 | + else if (makelong(ef+ EB_HEADSIZE) != | |
| 58 | + crc32(CRCVAL_INITIAL, | |
| 59 | + (ef+ EB_HEADSIZE+ EB_PKVMS_MINLEN), | |
| 60 | + (extent)(ebLen- EB_PKVMS_MINLEN))) | |
| 61 | + { | |
| 62 | + Info(slide, 1, ((char *)slide, | |
| 63 | + LoadFarString(BadCRC_EAs))); | |
| 64 | + } | |
| 65 | break; | |
| 66 | case EF_PKW32: | |
| 67 | case EF_PKUNIX: | |
| 68 | diff --git a/unzpriv.h b/unzpriv.h | |
| 69 | index 005cee0..5c83a6e 100644 | |
| 70 | --- a/unzpriv.h | |
| 71 | +++ b/unzpriv.h | |
| 72 | @@ -1806,6 +1806,8 @@ | |
| 73 | #define EB_NTSD_VERSION 4 /* offset of NTSD version byte */ | |
| 74 | #define EB_NTSD_MAX_VER (0) /* maximum version # we know how to handle */ | |
| 64ee97 | 75 | |
| 39288c | 76 | +#define EB_PKVMS_MINLEN 4 /* minimum data length of PKVMS extra block */ |
| MT | 77 | + |
| 78 | #define EB_ASI_CRC32 0 /* offset of ASI Unix field's crc32 checksum */ | |
| 79 | #define EB_ASI_MODE 4 /* offset of ASI Unix permission mode field */ | |
| 80 | ||
| 81 | ||
