diff options
| author | Mark H Weaver <mhw@netris.org> | 2014-12-30 14:46:21 -0500 |
|---|---|---|
| committer | Mark H Weaver <mhw@netris.org> | 2014-12-30 14:48:13 -0500 |
| commit | e5da2f38c3ca8d4626c1b87e045d00d28c1bf4d0 (patch) | |
| tree | e033809b82b840dc259b7d1a430cf32edb17b02a /gnu/packages/patches/unzip-CVE-2014-8139.patch | |
| parent | c7bdc7ece5650be75314dc302f3cdcf02806857b (diff) | |
gnu: unzip: Add fixes for CVE-2014-{8139,8140,8141}.
* gnu/packages/patches/unzip-CVE-2014-8139.patch,
gnu/packages/patches/unzip-CVE-2014-8140.patch,
gnu/packages/patches/unzip-CVE-2014-8141.patch: New files.
* gnu-system.am (dist_patch_DATA): Add them.
* gnu/packages/zip.scm (unzip): Add patches.
Diffstat (limited to 'gnu/packages/patches/unzip-CVE-2014-8139.patch')
| -rw-r--r-- | gnu/packages/patches/unzip-CVE-2014-8139.patch | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/gnu/packages/patches/unzip-CVE-2014-8139.patch b/gnu/packages/patches/unzip-CVE-2014-8139.patch new file mode 100644 index 0000000000..433efd1aaf --- /dev/null +++ b/gnu/packages/patches/unzip-CVE-2014-8139.patch @@ -0,0 +1,49 @@ +From: sms +Subject: Fix CVE-2014-8139: CRC32 verification heap-based overflow +Bug-Debian: http://bugs.debian.org/773722 + +--- a/extract.c ++++ b/extract.c +@@ -1,5 +1,5 @@ + /* +- Copyright (c) 1990-2009 Info-ZIP. All rights reserved. ++ Copyright (c) 1990-2014 Info-ZIP. All rights reserved. + + See the accompanying file LICENSE, version 2009-Jan-02 or later + (the contents of which are also included in unzip.h) for terms of use. +@@ -298,6 +298,8 @@ + #ifndef SFX + static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \ + EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n"; ++ static ZCONST char Far TooSmallEFlength[] = "bad extra-field entry:\n \ ++ EF block length (%u bytes) invalid (< %d)\n"; + static ZCONST char Far InvalidComprDataEAs[] = + " invalid compressed data for EAs\n"; + # if (defined(WIN32) && defined(NTSD_EAS)) +@@ -2023,7 +2025,8 @@ + ebID = makeword(ef); + ebLen = (unsigned)makeword(ef+EB_LEN); + +- if (ebLen > (ef_len - EB_HEADSIZE)) { ++ if (ebLen > (ef_len - EB_HEADSIZE)) ++ { + /* Discovered some extra field inconsistency! */ + if (uO.qflag) + Info(slide, 1, ((char *)slide, "%-22s ", +@@ -2032,6 +2035,16 @@ + ebLen, (ef_len - EB_HEADSIZE))); + return PK_ERR; + } ++ else if (ebLen < EB_HEADSIZE) ++ { ++ /* Extra block length smaller than header length. */ ++ if (uO.qflag) ++ Info(slide, 1, ((char *)slide, "%-22s ", ++ FnFilter1(G.filename))); ++ Info(slide, 1, ((char *)slide, LoadFarString(TooSmallEFlength), ++ ebLen, EB_HEADSIZE)); ++ return PK_ERR; ++ } + + switch (ebID) { + case EF_OS2: |