~olbohlen/oi-userland.git

			@@ -1,7 +1,7 @@
			From: sms
			Subject: Fix CVE-2014-8139: CRC32 verification heap-based overflow
			Bug-Debian: http://bugs.debian.org/773722
			This patch is verbatim copy of unzip-6.0-cve-2014-8139.patch from unzip-6.0-57.fc36.src.rpm

			diff --git a/extract.c b/extract.c
			index 9ef80b3..c741b5f 100644
			--- a/extract.c
			+++ b/extract.c
			@@ -1,5 +1,5 @@
			@@ -11,16 +11,16 @@

			See the accompanying file LICENSE, version 2009-Jan-02 or later
			(the contents of which are also included in unzip.h) for terms of use.
			@@ -298,6 +298,8 @@
			@@ -298,6 +298,8 @@ char ZCONST Far TruncNTSD[] =
			#ifndef SFX
			static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \
			EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n";
			+ static ZCONST char Far TooSmallEFlength[] = "bad extra-field entry:\n \
			+ static ZCONST char Far TooSmallEBlength[] = "bad extra-field entry:\n \
			+ EF block length (%u bytes) invalid (< %d)\n";
			static ZCONST char Far InvalidComprDataEAs[] =
			" invalid compressed data for EAs\n";
			# if (defined(WIN32) && defined(NTSD_EAS))
			@@ -2023,7 +2025,8 @@
			@@ -2020,7 +2022,8 @@ static int TestExtraField(__G__ ef, ef_len)
			ebID = makeword(ef);
			ebLen = (unsigned)makeword(ef+EB_LEN);

			@@ -30,20 +30,52 @@
			/* Discovered some extra field inconsistency! */
			if (uO.qflag)
			Info(slide, 1, ((char *)slide, "%-22s ",
			@@ -2032,6 +2035,16 @@
			ebLen, (ef_len - EB_HEADSIZE)));
			return PK_ERR;
			}
			+ else if (ebLen < EB_HEADSIZE)
			+ {
			+ /* Extra block length smaller than header length. */
			+ if (uO.qflag)
			+ Info(slide, 1, ((char *)slide, "%-22s ",
			+ FnFilter1(G.filename)));
			+ Info(slide, 1, ((char *)slide, LoadFarString(TooSmallEFlength),
			+ ebLen, EB_HEADSIZE));
			+ return PK_ERR;
			+ }
			@@ -2155,11 +2158,29 @@ static int TestExtraField(__G__ ef, ef_len)
			}
			break;
			case EF_PKVMS:
			- if (makelong(ef+EB_HEADSIZE) !=
			- crc32(CRCVAL_INITIAL, ef+(EB_HEADSIZE+4),
			- (extent)(ebLen-4)))
			- Info(slide, 1, ((char *)slide,
			- LoadFarString(BadCRC_EAs)));
			+ /* 2015-01-30 SMS. Added sufficient-bytes test/message
			+ * here. (Removed defective ebLen test above.)
			+ *
			+ * If sufficient bytes (EB_PKVMS_MINLEN) are available,
			+ * then compare the stored CRC value with the calculated
			+ * CRC for the remainder of the data (and complain about
			+ * a mismatch).
			+ */
			+ if (ebLen < EB_PKVMS_MINLEN)
			+ {
			+ /* Insufficient bytes available. */
			+ Info( slide, 1,
			+ ((char *)slide, LoadFarString( TooSmallEBlength),
			+ ebLen, EB_PKVMS_MINLEN));
			+ }
			+ else if (makelong(ef+ EB_HEADSIZE) !=
			+ crc32(CRCVAL_INITIAL,
			+ (ef+ EB_HEADSIZE+ EB_PKVMS_MINLEN),
			+ (extent)(ebLen- EB_PKVMS_MINLEN)))
			+ {
			+ Info(slide, 1, ((char *)slide,
			+ LoadFarString(BadCRC_EAs)));
			+ }
			break;
			case EF_PKW32:
			case EF_PKUNIX:
			diff --git a/unzpriv.h b/unzpriv.h
			index 005cee0..5c83a6e 100644
			--- a/unzpriv.h
			+++ b/unzpriv.h
			@@ -1806,6 +1806,8 @@
			#define EB_NTSD_VERSION 4 /* offset of NTSD version byte */
			#define EB_NTSD_MAX_VER (0) /* maximum version # we know how to handle */

			switch (ebID) {
			case EF_OS2:
			+#define EB_PKVMS_MINLEN 4 /* minimum data length of PKVMS extra block */
			+
			#define EB_ASI_CRC32 0 /* offset of ASI Unix field's crc32 checksum */
			#define EB_ASI_MODE 4 /* offset of ASI Unix permission mode field */