[oe-commits] [openembedded-core] 15/17: unzip: fix CVE-2018-1000035

git at git.openembedded.org git at git.openembedded.org
Mon Aug 20 11:00:59 UTC 2018



rpurdie pushed a commit to branch master-next
in repository openembedded-core.

commit f75289b9215580030540245cd0b5f945bfb05ffa
Author: Changqing Li <changqing.li at windriver.com>
AuthorDate: Fri Aug 17 10:02:13 2018 +0800

    unzip: fix CVE-2018-1000035
    
    Signed-off-by: Changqing Li <changqing.li at windriver.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
---
 .../unzip/0001-unzip-fix-CVE-2018-1000035.patch    | 48 ++++++++++++++++++++++
 meta/recipes-extended/unzip/unzip_6.0.bb           |  1 +
 2 files changed, 49 insertions(+)

diff --git a/meta/recipes-extended/unzip/unzip/0001-unzip-fix-CVE-2018-1000035.patch b/meta/recipes-extended/unzip/unzip/0001-unzip-fix-CVE-2018-1000035.patch
new file mode 100644
index 0000000..37289d1
--- /dev/null
+++ b/meta/recipes-extended/unzip/unzip/0001-unzip-fix-CVE-2018-1000035.patch
@@ -0,0 +1,48 @@
+From 349f566e6e757458843fa164a0f0584280e1501e Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li at windriver.com>
+Date: Wed, 15 Aug 2018 16:20:53 +0800
+Subject: [PATCH] unzip: fix CVE-2018-1000035
+
+Upstream-Status: Backport
+
+CVE: CVE-2018-1000035
+
+backport from unzip6.10c23
+
+Signed-off-by: Changqing Li <changqing.li at windriver.com>
+---
+ fileio.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/fileio.c b/fileio.c
+index 36bfea3..7605a29 100644
+--- a/fileio.c
++++ b/fileio.c
+@@ -1582,6 +1582,8 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf, size, zfn, efn)
+     int r = IZ_PW_ENTERED;
+     char *m;
+     char *prompt;
++    char *ep;
++    char *zp;
+ 
+ #ifndef REENTRANT
+     /* tell picky compilers to shut up about "unused variable" warnings */
+@@ -1590,9 +1592,12 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf, size, zfn, efn)
+ 
+     if (*rcnt == 0) {           /* First call for current entry */
+         *rcnt = 2;
+-        if ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL) {
+-            sprintf(prompt, LoadFarString(PasswPrompt),
+-                    FnFilter1(zfn), FnFilter2(efn));
++        zp = FnFilter1( zfn);
++        ep = FnFilter2( efn);
++        prompt = (char *)malloc(    /* Slightly too long (2* "%s"). */
++         sizeof( PasswPrompt)+ strlen( zp)+ strlen( ep));
++        if (prompt != (char *)NULL) {
++            sprintf(prompt, LoadFarString(PasswPrompt), zp, ep);
+             m = prompt;
+         } else
+             m = (char *)LoadFarString(PasswPrompt2);
+-- 
+2.7.4
+
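Review bot: The new `sprintf(prompt, LoadFarString(PasswPrompt), zp, ep);` line is still an unbounded write; the fix makes the buffer large enough only because the allocation and the format operands are computed from the same `zp`/`ep` values, and nothing in the hunk ties the two together. Since the size is already computed, keeping it in a local and writing with that bound is cheap, e.g. `size_t plen = sizeof( PasswPrompt)+ strlen( zp)+ strlen( ep);` for the `malloc` and `snprintf(prompt, plen, LoadFarString(PasswPrompt), zp, ep);` for the write, where the target C library provides `snprintf`. The sizing also relies on `sizeof( PasswPrompt)` being the array length of the format string rather than a pointer size, and on `FnFilter1`/`FnFilter2` never returning NULL before `strlen`; both are presumably true of unzip's fileio.c but neither is visible here, so a one-line comment stating those assumptions above the `malloc` would help the next backporter. The enclosing `UzpPassword` begins and continues outside this hunk.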
diff --git a/meta/recipes-extended/unzip/unzip_6.0.bb b/meta/recipes-extended/unzip/unzip_6.0.bb
index dbf4112..a47491e 100644
--- a/meta/recipes-extended/unzip/unzip_6.0.bb
+++ b/meta/recipes-extended/unzip/unzip_6.0.bb
@@ -20,6 +20,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/infozip/UnZip%206.x%20%28latest%29/UnZip%206.0/
 	file://18-cve-2014-9913-unzip-buffer-overflow.patch \
 	file://19-cve-2016-9844-zipinfo-buffer-overflow.patch \
 	file://symlink.patch \
+	file://0001-unzip-fix-CVE-2018-1000035.patch \
 "
 UPSTREAM_VERSION_UNKNOWN = "1"
 
