author | Patrick J Volkerding <volkerdi@slackware.com> | 2019-03-01 23:44:12 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2019-03-02 08:59:47 +0100 |
commit | d26b7f6e82486c7fe02690ce5706b0660867c70b (patch) | |
tree | a0974c296e6fafc1ae78b443247ec50cd48347ac /source/a/infozip/unzip-patches/unzip-6.0-cve-2018-1000035-heap-based-overflow.patch | |
parent | 2c09649cb63357808c79c8c6734f986fd5a0d2aa (diff) | |
download | current-d26b7f6e82486c7fe02690ce5706b0660867c70b.tar.gz |
Fri Mar 1 23:44:12 UTC 201920190301234412
a/eudev-3.2.7-x86_64-2.txz: Rebuilt.
Don't require kvm group.
Diffstat (limited to 'source/a/infozip/unzip-patches/unzip-6.0-cve-2018-1000035-heap-based-overflow.patch')
-rw-r--r-- | source/a/infozip/unzip-patches/unzip-6.0-cve-2018-1000035-heap-based-overflow.patch | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/source/a/infozip/unzip-patches/unzip-6.0-cve-2018-1000035-heap-based-overflow.patch b/source/a/infozip/unzip-patches/unzip-6.0-cve-2018-1000035-heap-based-overflow.patch
new file mode 100644
index 00000000..8ca71386
--- /dev/null
+++ b/source/a/infozip/unzip-patches/unzip-6.0-cve-2018-1000035-heap-based-overflow.patch
@@ -0,0 +1,34 @@
+--- a/fileio.c 2014-12-05 05:06:05 -0600
++++ b/fileio.c 2017-11-14 01:06:28 -0600
+@@ -1,5 +1,5 @@
+ /*
+- Copyright (c) 1990-2009 Info-ZIP. All rights reserved.
++ Copyright (c) 1990-2017 Info-ZIP. All rights reserved.
+
+ See the accompanying file LICENSE, version 2009-Jan-02 or later
+ (the contents of which are also included in unzip.h) for terms of use.
+@@ -1582,6 +1582,8 @@
+ int r = IZ_PW_ENTERED;
+ char *m;
+ char *prompt;
++ char *ep;
++ char *zp;
+
+ #ifndef REENTRANT
+ /* tell picky compilers to shut up about "unused variable" warnings */
+@@ -1590,9 +1592,12 @@
+
+ if (*rcnt == 0) { /* First call for current entry */
+ *rcnt = 2;
+- if ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL) {
+- sprintf(prompt, LoadFarString(PasswPrompt),
+- FnFilter1(zfn), FnFilter2(efn));
++ zp = FnFilter1( zfn);
++ ep = FnFilter2( efn);
++ prompt = (char *)malloc( /* Slightly too long (2* "%s"). */
++ sizeof( PasswPrompt)+ strlen( zp)+ strlen( ep));
++ if (prompt != (char *)NULL) {
++ sprintf(prompt, LoadFarString(PasswPrompt), zp, ep);
+ m = prompt;
+ } else
+ m = (char *)LoadFarString(PasswPrompt2); |
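Review bot: The `sprintf` into `prompt` in the last hunk of the embedded fileio.c patch is still unbounded, so the overflow fix holds only while the malloc size expression and the format string stay in step. `sizeof( PasswPrompt)` covers the format text only if `PasswPrompt` is a real char array in this translation unit; its declaration is not visible here, and the expression would silently shrink to pointer size if it were ever a `char *`. The arithmetic also assumes the format contains exactly two `%s` conversions and nothing that expands further. I would keep the length in a variable, `size_t plen = sizeof(PasswPrompt) + strlen(zp) + strlen(ep);`, and format with `snprintf(prompt, plen, LoadFarString(PasswPrompt), zp, ep);` where the target toolchains provide it, or at minimum add a comment tying the allocation size to the format string. The enclosing function starts and ends outside the hunk.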