1 files changed, 37 insertions, 0 deletions

diff --git a/pkg/unzip/patch/0013-extract-prevent-unsigned-overflow-on-invalid-input.patch b/pkg/unzip/patch/0013-extract-prevent-unsigned-overflow-on-invalid-input.patch
new file mode 100644
index 00000000..9f816a7a
--- /dev/null
+++ b/pkg/unzip/patch/0013-extract-prevent-unsigned-overflow-on-invalid-input.patch
@@ -0,0 +1,37 @@
+From 91f3ce1672778ebb41317c2cad4b0a75cf3d002f Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Thu, 16 Jun 2016 22:42:33 -0700
+Subject: [PATCH] extract: prevent unsigned overflow on invalid input
+
+From 16-fix-integer-underflow-csiz-decrypted in
+unzip_6.0-16+deb8u2.debian.tar.xz.
+---
+ extract.c | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/extract.c b/extract.c
+index ad8b3f7..3ec8813 100644
+--- a/extract.c
++++ b/extract.c
+@@ -1257,8 +1257,17 @@ static int extract_or_test_entrylist(__G__ numchunk,
+         if (G.lrec.compression_method == STORED) {
+             zusz_t csiz_decrypted = G.lrec.csize;
+ 
+-            if (G.pInfo->encrypted)
++            if (G.pInfo->encrypted) {
++                if (csiz_decrypted < 12) {
++                    /* handle the error now to prevent unsigned overflow */
++                    Info(slide, 0x401, ((char *)slide,
++                      LoadFarStringSmall(ErrUnzipNoFile),
++                      LoadFarString(InvalidComprData),
++                      LoadFarStringSmall2(Inflate)));
++                    return PK_ERR;
++                }
+                 csiz_decrypted -= 12;
++            }
+             if (G.lrec.ucsize != csiz_decrypted) {
+                 Info(slide, 0x401, ((char *)slide,
+                   LoadFarStringSmall2(WrnStorUCSizCSizDiff),
+-- 
+2.8.1
+