This patch is a verbatim copy of unzip-6.0-cve-2014-8139.patch from unzip-6.0-57.fc36.src.rpm
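diff --git a/extract.c b/extract.c
index 9ef80b3..c741b5f 100644
--- a/extract.c
+++ b/extract.c
@@ -1,5 +1,5 @@
 /*
- Copyright (c) 1990-2009 Info-ZIP. All rights reserved.
+ Copyright (c) 1990-2014 Info-ZIP. All rights reserved.
 
 See the accompanying file LICENSE, version 2009-Jan-02 or later
 (the contents of which are also included in unzip.h) for terms of use.
@@ -298,6 +298,8 @@ char ZCONST Far TruncNTSD[] =
 #ifndef SFX
 static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \
 EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n";
+ static ZCONST char Far TooSmallEBlength[] = "bad extra-field entry:\n \
+ EF block length (%u bytes) invalid (< %d)\n";
 static ZCONST char Far InvalidComprDataEAs[] =
 " invalid compressed data for EAs\n";
 # if (defined(WIN32) && defined(NTSD_EAS))
@@ -2020,7 +2022,8 @@ static int TestExtraField(__G__ ef, ef_len)
 ebID = makeword(ef);
 ebLen = (unsigned)makeword(ef+EB_LEN);
 
- if (ebLen > (ef_len - EB_HEADSIZE)) {
+ if (ebLen > (ef_len - EB_HEADSIZE))
+ {
 /* Discovered some extra field inconsistency! */
 if (uO.qflag)
 Info(slide, 1, ((char *)slide, "%-22s ",
@@ -2155,11 +2158,29 @@ static int TestExtraField(__G__ ef, ef_len)
 }
 break;
 case EF_PKVMS:
- if (makelong(ef+EB_HEADSIZE) !=
- crc32(CRCVAL_INITIAL, ef+(EB_HEADSIZE+4),
- (extent)(ebLen-4)))
- Info(slide, 1, ((char *)slide,
- LoadFarString(BadCRC_EAs)));
+ /* 2015-01-30 SMS. Added sufficient-bytes test/message
+ * here. (Removed defective ebLen test above.)
+ *
+ * If sufficient bytes (EB_PKVMS_MINLEN) are available,
+ * then compare the stored CRC value with the calculated
+ * CRC for the remainder of the data (and complain about
+ * a mismatch).
+ */
+ if (ebLen < EB_PKVMS_MINLEN)
+ {
+ /* Insufficient bytes available. */
+ Info( slide, 1,
+ ((char *)slide, LoadFarString( TooSmallEBlength),
+ ebLen, EB_PKVMS_MINLEN));
+ }
+ else if (makelong(ef+ EB_HEADSIZE) !=
+ crc32(CRCVAL_INITIAL,
+ (ef+ EB_HEADSIZE+ EB_PKVMS_MINLEN),
+ (extent)(ebLen- EB_PKVMS_MINLEN)))
+ {
+ Info(slide, 1, ((char *)slide,
+ LoadFarString(BadCRC_EAs)));
+ }
 break;
 case EF_PKW32:
 case EF_PKUNIX: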
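Review bot: The comment added in the `EF_PKVMS` case reads as a dated changelog entry and never states the hazard the new guard removes; it also refers to a "defective ebLen test above" whose removal is not part of this diff, which will confuse a later reader. `ebLen` is unsigned, so when it is smaller than `EB_PKVMS_MINLEN` the old `(extent)(ebLen-4)` wraps to a very large length and `crc32()` reads past the extra-field data. I would replace the dated note with something like `/* ebLen < EB_PKVMS_MINLEN would make (ebLen - EB_PKVMS_MINLEN) wrap and crc32() read beyond the extra field. */`. The new check bounds only the lower end; the upper bound presumably still comes from the `ebLen > (ef_len - EB_HEADSIZE)` test earlier in the loop, and the body of TestExtraField starts and ends outside these hunks, so that dependency is worth confirming and mentioning in the comment.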
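diff --git a/unzpriv.h b/unzpriv.h
index 005cee0..5c83a6e 100644
--- a/unzpriv.h
+++ b/unzpriv.h
@@ -1806,6 +1806,8 @@
 #define EB_NTSD_VERSION 4 /* offset of NTSD version byte */
 #define EB_NTSD_MAX_VER (0) /* maximum version # we know how to handle */
 
+#define EB_PKVMS_MINLEN 4 /* minimum data length of PKVMS extra block */
+
 #define EB_ASI_CRC32 0 /* offset of ASI Unix field's crc32 checksum */
 #define EB_ASI_MODE 4 /* offset of ASI Unix permission mode field */
 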