author | mancha <mancha1@zoho.com> | 2015-02-23 23:13:00 +0000 |
---|---|---|
committer | Peter Simons <simons@cryp.to> | 2015-03-09 15:55:24 +0100 |
commit | f43d759bc410de0f04523c8f13979e529794ddbd (patch) | |
tree | 708dc8bf6ba8dd17f64c466598d716dd582d6a9b /pkgs/tools/archivers/unzip | |
parent | c4ff9d10bab7317d7d47a3b21717e8e4c5e8bf3e (diff) | |
unzip: fix CVE-2014-9636 patch
Close #6544, fixes #6543. vcunat: no security impact; just fixes false rejections of some rarer inputs - a problem introduced by the CVE patch.
Diffstat (limited to 'pkgs/tools/archivers/unzip')
-rw-r--r-- | pkgs/tools/archivers/unzip/CVE-2014-9636.diff | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/pkgs/tools/archivers/unzip/CVE-2014-9636.diff b/pkgs/tools/archivers/unzip/CVE-2014-9636.diff
index aeaf3e70de6..d4c7f752975 100644
--- a/pkgs/tools/archivers/unzip/CVE-2014-9636.diff
+++ b/pkgs/tools/archivers/unzip/CVE-2014-9636.diff
@@ -1,6 +1,6 @@
-From a9bfab5b52d08879bbc5e0991684b700127ddcff Mon Sep 17 00:00:00 2001
+From 190040ebfcf5395a6ccedede2cc9343d34f0a108 Mon Sep 17 00:00:00 2001
From: mancha <mancha1 AT zoho DOT com>
-Date: Mon, 3 Nov 2014
+Date: Wed, 11 Feb 2015
Subject: Info-ZIP UnZip buffer overflow
By carefully crafting a corrupt ZIP archive with "extra fields" that
@@ -26,12 +26,13 @@ This patch ensures that when extra fields use STORED mode, the
if (compr_offset < 4) /* field is not compressed: */
return PK_OK; /* do nothing and signal OK */
-@@ -2226,6 +2227,12 @@ static int test_compr_eb(__G__ eb, eb_si
+@@ -2226,6 +2227,13 @@ static int test_compr_eb(__G__ eb, eb_si
eb_size <= (compr_offset + EB_CMPRHEADLEN)))
return IZ_EF_TRUNC; /* no compressed data! */
+ method = makeword(eb + (EB_HEADSIZE + compr_offset));
-+ if ((method == STORED) && (eb_size - compr_offset != eb_ucsize))
++ if ((method == STORED) &&
++ (eb_size - compr_offset - EB_CMPRHEADLEN != eb_ucsize))
+ return PK_ERR; /* compressed & uncompressed
+ * should match in STORED
+ * method */ |
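Review bot: The corrected STORED comparison `(eb_size - compr_offset - EB_CMPRHEADLEN != eb_ucsize)` in the second hunk is only sound when `eb_size` is at least `compr_offset + EB_CMPRHEADLEN`; if these operands are unsigned (their declarations are not visible here), a shorter field makes the subtraction wrap rather than go negative. The visible tail of the preceding condition (`eb_size <= (compr_offset + EB_CMPRHEADLEN)` returning `IZ_EF_TRUNC`) appears to cover that case, but the condition begins outside the hunk, so it cannot be confirmed from here that it applies on every path. The inner patch's comment should record both the dependency and the reason the header length is subtracted, for example `/* STORED: payload = eb_size - compr_offset - EB_CMPRHEADLEN; relies on the IZ_EF_TRUNC check above */`, since leaving that term out is what caused the false rejections this commit fixes. The body of test_compr_eb starts and continues outside the lines shown.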