mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-08 05:09:24 +00:00
Code Issues Projects Releases Wiki Activity

unzip: fix CVE-2018-1000035

Browse Source 
(From OE-Core rev: f75289b9215580030540245cd0b5f945bfb05ffa)

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Changqing Li
2018-08-17 10:02:13 +08:00
committed by Richard Purdie
parent e18f891394
commit dac65465fb
2 changed files with 49 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/recipes-extended/unzip/unzip/0001-unzip-fix-CVE-2018-1000035.patch
+48
View File
@@ -0,0 +1,48 @@
From 349f566e6e757458843fa164a0f0584280e1501e Mon Sep 17 00:00:00 2001
From: Changqing Li <changqing.li@windriver.com>
Date: Wed, 15 Aug 2018 16:20:53 +0800
Subject: [PATCH] unzip: fix CVE-2018-1000035
Upstream-Status: Backport
CVE: CVE-2018-1000035
backport from unzip6.10c23
Signed-off-by: Changqing Li <changqing.li@windriver.com>
---
fileio.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/fileio.c b/fileio.c
index 36bfea3..7605a29 100644
--- a/fileio.c
+++ b/fileio.c
@@ -1582,6 +1582,8 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf, size, zfn, efn)
int r = IZ_PW_ENTERED;
char *m;
char *prompt;
+ char *ep;
+ char *zp;
#ifndef REENTRANT
/* tell picky compilers to shut up about "unused variable" warnings */
@@ -1590,9 +1592,12 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf, size, zfn, efn)
if (*rcnt == 0) { /* First call for current entry */
*rcnt = 2;
- if ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL) {
- sprintf(prompt, LoadFarString(PasswPrompt),
- FnFilter1(zfn), FnFilter2(efn));
+ zp = FnFilter1( zfn);
+ ep = FnFilter2( efn);
+ prompt = (char *)malloc( /* Slightly too long (2* "%s"). */
+ sizeof( PasswPrompt)+ strlen( zp)+ strlen( ep));
+ if (prompt != (char *)NULL) {
+ sprintf(prompt, LoadFarString(PasswPrompt), zp, ep);
m = prompt;
} else
m = (char *)LoadFarString(PasswPrompt2);
--
2.7.4
meta/recipes-extended/unzip/unzip_6.0.bb
+1
View File
@@ -20,6 +20,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/infozip/UnZip%206.x%20%28latest%29/UnZip%206.0/
file://18-cve-2014-9913-unzip-buffer-overflow.patch \
file://19-cve-2016-9844-zipinfo-buffer-overflow.patch \
file://symlink.patch \
file://0001-unzip-fix-CVE-2018-1000035.patch \
"
UPSTREAM_VERSION_UNKNOWN = "1"