From d8d3475850d883e90d79086293279149d42658fd Mon Sep 17 00:00:00 2001
From: Karol Babioch <kbabioch@suse.com>
Date: Sat, 15 Jun 2019 18:13:11 -0700
Subject: [PATCH] Fix buffer overflow in password protected zip archives

---
 fileio.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/fileio.c b/fileio.c
index 36bfea3..7c21ed0 100644
--- a/fileio.c
+++ b/fileio.c
@@ -1582,6 +1582,10 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf, size, zfn, efn)
     int r = IZ_PW_ENTERED;
     char *m;
     char *prompt;
+    char *zfnf;
+    char *efnf;
+    size_t zfnfl;
+    int isOverflow;
 
 #ifndef REENTRANT
     /* tell picky compilers to shut up about "unused variable" warnings */
@@ -1590,7 +1594,15 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf, size, zfn, efn)
 
     if (*rcnt == 0) {           /* First call for current entry */
         *rcnt = 2;
-        if ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL) {
+        zfnf = FnFilter1(zfn);
+        efnf = FnFilter2(efn);
+        zfnfl = strlen(zfnf);
+        isOverflow = TRUE;
+        if (2*FILNAMSIZ >= zfnfl && (2*FILNAMSIZ - zfnfl) >= strlen(efnf))
+        {
+		isOverflow = FALSE;
+        }
+        if ((isOverflow == FALSE) && ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL)) {
             sprintf(prompt, LoadFarString(PasswPrompt),
                     FnFilter1(zfn), FnFilter2(efn));
             m = prompt;
-- 
2.20.1