Toshaan Bharvani
parent
564e07c2de
commit
13ed555df5
|
|
@ -0,0 +1,23 @@
|
|||
From 803f49aaae16b7f2899e4769afdfc673a21fa9e8 Mon Sep 17 00:00:00 2001
|
||||
From: Guido Draheim <guidod@gmx.de>
|
||||
Date: Mon, 26 Feb 2024 23:17:12 +0100
|
||||
Subject: [PATCH] #69 assert full zzip_file_header
|
||||
|
||||
---
|
||||
zzip/mmapped.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/zzip/mmapped.c b/zzip/mmapped.c
|
||||
index 2071882..306ba51 100644
|
||||
--- a/zzip/mmapped.c
|
||||
+++ b/zzip/mmapped.c
|
||||
@@ -276,7 +276,8 @@ struct zzip_file_header *
|
||||
zzip_disk_entry_to_file_header(ZZIP_DISK * disk, struct zzip_disk_entry *entry)
|
||||
{
|
||||
zzip_byte_t *const ptr = disk->buffer + zzip_disk_entry_fileoffset(entry);
|
||||
- if (disk->buffer > ptr || ptr >= disk->endbuf)
|
||||
+ zzip_byte_t *const end = ptr + sizeof(struct zzip_file_header);
|
||||
+ if (disk->buffer > ptr || end >= disk->endbuf || end <= NULL)
|
||||
{
|
||||
errno = EBADMSG;
|
||||
return 0;
|
||||
|
|
@ -1,7 +1,7 @@
|
|||
Summary: Lightweight library to easily extract data from zip files
|
||||
Name: zziplib
|
||||
Version: 0.13.71
|
||||
Release: 9%{?dist}
|
||||
Release: 11%{?dist}
|
||||
License: LGPLv2+ or MPLv1.1
|
||||
URL: http://zziplib.sourceforge.net/
|
||||
#Source: https://github.com/gdraheim/zziplib/archive/v%{version}.tar.gz
|
||||
|
|
@ -15,6 +15,7 @@ Source1: match.py
|
|||
Source2: options.py
|
||||
|
||||
Patch1: CVE-2020-18442.patch
|
||||
Patch2: CVE-2020-18770.patch
|
||||
Patch100: multilib-32.patch
|
||||
Patch101: multilib-64.patch
|
||||
|
||||
|
|
@ -74,6 +75,7 @@ cp %{SOURCE1} docs/zzipdoc/
|
|||
cp %{SOURCE2} docs/zzipdoc/
|
||||
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
|
||||
|
||||
%build
|
||||
|
|
@ -122,6 +124,15 @@ popd
|
|||
%{_mandir}/man3/*
|
||||
|
||||
%changelog
|
||||
* Wed Feb 28 2024 Jakub Martisko <jamartis@redhat.com> - 0.13.71-11
|
||||
- Fix CVE-2020-18770
|
||||
Previous patch was causing segfault
|
||||
Resolves: RHEL-14967
|
||||
|
||||
* Wed Jan 24 2024 Jakub Martisko <jamartis@redhat.com> - 0.13.71-10
|
||||
- Fix CVE-2020-18770
|
||||
Resolves: RHEL-14967
|
||||
|
||||
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 0.13.71-9
|
||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||
Related: rhbz#1991688
|
||||
|
|
|
|||
Loading…
Reference in New Issue