diff options
Diffstat (limited to 'pkg/unzip/patch/0009-Fix-CVE-2014-8139-CRC32-verification-heap-based-over.patch')
| -rw-r--r-- | pkg/unzip/patch/0009-Fix-CVE-2014-8139-CRC32-verification-heap-based-over.patch | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/pkg/unzip/patch/0009-Fix-CVE-2014-8139-CRC32-verification-heap-based-over.patch b/pkg/unzip/patch/0009-Fix-CVE-2014-8139-CRC32-verification-heap-based-over.patch new file mode 100644 index 00000000..b89a0db2 --- /dev/null +++ b/pkg/unzip/patch/0009-Fix-CVE-2014-8139-CRC32-verification-heap-based-over.patch @@ -0,0 +1,63 @@ +From 9decdbe830f233fad7428df99e0c2d34887ac3cf Mon Sep 17 00:00:00 2001 +From: "Steven M. Schweda" <sms@antinode.info> +Date: Sat, 15 Jun 2019 18:13:11 -0700 +Subject: [PATCH] Fix CVE-2014-8139: CRC32 verification heap-based overflow + +--- + extract.c | 17 ++++++++++++++--- + 1 file changed, 14 insertions(+), 3 deletions(-) + +diff --git a/extract.c b/extract.c +index 1acd769..df0fa1c 100644 +--- a/extract.c ++++ b/extract.c +@@ -1,5 +1,5 @@ + /* +- Copyright (c) 1990-2009 Info-ZIP. All rights reserved. ++ Copyright (c) 1990-2014 Info-ZIP. All rights reserved. + + See the accompanying file LICENSE, version 2009-Jan-02 or later + (the contents of which are also included in unzip.h) for terms of use. +@@ -298,6 +298,8 @@ char ZCONST Far TruncNTSD[] = + #ifndef SFX + static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \ + EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n"; ++ static ZCONST char Far TooSmallEBlength[] = "bad extra-field entry:\n \ ++ EF block length (%u bytes) invalid (< %d)\n"; + static ZCONST char Far InvalidComprDataEAs[] = + " invalid compressed data for EAs\n"; + # if (defined(WIN32) && defined(NTSD_EAS)) +@@ -2023,7 +2025,8 @@ static int TestExtraField(__G__ ef, ef_len) + ebID = makeword(ef); + ebLen = (unsigned)makeword(ef+EB_LEN); + +- if (ebLen > (ef_len - EB_HEADSIZE)) { ++ if (ebLen > (ef_len - EB_HEADSIZE)) ++ { + /* Discovered some extra field inconsistency! */ + if (uO.qflag) + Info(slide, 1, ((char *)slide, "%-22s ", +@@ -2158,11 +2161,19 @@ static int TestExtraField(__G__ ef, ef_len) + } + break; + case EF_PKVMS: +- if (makelong(ef+EB_HEADSIZE) != ++ if (ebLen < 4) ++ { ++ Info(slide, 1, ++ ((char *)slide, LoadFarString(TooSmallEBlength), ++ ebLen, 4)); ++ } ++ else if (makelong(ef+EB_HEADSIZE) != + crc32(CRCVAL_INITIAL, ef+(EB_HEADSIZE+4), + (extent)(ebLen-4))) ++ { + Info(slide, 1, ((char *)slide, + LoadFarString(BadCRC_EAs))); ++ } + break; + case EF_PKW32: + case EF_PKUNIX: +-- +2.20.1 + |