summaryrefslogtreecommitdiff
path: root/source/a/infozip/unzip-patches/unzip-6.0-cve-2018-1000035-heap-based-overflow.patch
diff options
context:
space:
mode:
Diffstat (limited to 'source/a/infozip/unzip-patches/unzip-6.0-cve-2018-1000035-heap-based-overflow.patch')
-rw-r--r--source/a/infozip/unzip-patches/unzip-6.0-cve-2018-1000035-heap-based-overflow.patch34
1 files changed, 34 insertions, 0 deletions
diff --git a/source/a/infozip/unzip-patches/unzip-6.0-cve-2018-1000035-heap-based-overflow.patch b/source/a/infozip/unzip-patches/unzip-6.0-cve-2018-1000035-heap-based-overflow.patch
new file mode 100644
index 00000000..8ca71386
--- /dev/null
+++ b/source/a/infozip/unzip-patches/unzip-6.0-cve-2018-1000035-heap-based-overflow.patch
@@ -0,0 +1,34 @@
+--- a/fileio.c 2014-12-05 05:06:05 -0600
++++ b/fileio.c 2017-11-14 01:06:28 -0600
+@@ -1,5 +1,5 @@
+ /*
+- Copyright (c) 1990-2009 Info-ZIP. All rights reserved.
++ Copyright (c) 1990-2017 Info-ZIP. All rights reserved.
+
+ See the accompanying file LICENSE, version 2009-Jan-02 or later
+ (the contents of which are also included in unzip.h) for terms of use.
+@@ -1582,6 +1582,8 @@
+ int r = IZ_PW_ENTERED;
+ char *m;
+ char *prompt;
++ char *ep;
++ char *zp;
+
+ #ifndef REENTRANT
+ /* tell picky compilers to shut up about "unused variable" warnings */
+@@ -1590,9 +1592,12 @@
+
+ if (*rcnt == 0) { /* First call for current entry */
+ *rcnt = 2;
+- if ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL) {
+- sprintf(prompt, LoadFarString(PasswPrompt),
+- FnFilter1(zfn), FnFilter2(efn));
++ zp = FnFilter1( zfn);
++ ep = FnFilter2( efn);
++ prompt = (char *)malloc( /* Slightly too long (2* "%s"). */
++ sizeof( PasswPrompt)+ strlen( zp)+ strlen( ep));
++ if (prompt != (char *)NULL) {
++ sprintf(prompt, LoadFarString(PasswPrompt), zp, ep);
+ m = prompt;
+ } else
+ m = (char *)LoadFarString(PasswPrompt2);