4e76995571
fixes for CVE-2017-5974, CVE-2017-5975, CVE-2017-5976, CVE-2017-5978, CVE-2017-5979, CVE-2017-5980 and CVE-2017-5981. Patches from SuSe via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854727#35
27 lines
1.1 KiB
Diff
27 lines
1.1 KiB
Diff
Index: zziplib-0.13.62/zzip/memdisk.c
|
|
===================================================================
|
|
--- zzip/memdisk.c
|
|
+++ zzip/memdisk.c
|
|
@@ -173,6 +173,8 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI
|
|
return 0; /* errno=ENOMEM; */
|
|
___ struct zzip_file_header *header =
|
|
zzip_disk_entry_to_file_header(disk, entry);
|
|
+ if (!header)
|
|
+ { free(item); return 0; }
|
|
/* there is a number of duplicated information in the file header
|
|
* or the disk entry block. Theoretically some part may be missing
|
|
* that exists in the other, ... but we will prefer the disk entry.
|
|
Index: zziplib-0.13.62/zzip/mmapped.c
|
|
===================================================================
|
|
--- zzip/mmapped.c
|
|
+++ zzip/mmapped.c
|
|
@@ -289,6 +289,8 @@ zzip_disk_entry_to_file_header(ZZIP_DISK
|
|
(disk->buffer + zzip_disk_entry_fileoffset(entry));
|
|
if (disk->buffer > file_header || file_header >= disk->endbuf)
|
|
return 0;
|
|
+ if (ZZIP_GET32(file_header) != ZZIP_FILE_HEADER_MAGIC)
|
|
+ return 0;
|
|
return (struct zzip_file_header *) file_header;
|
|
}
|
|
|