diff options
| author | Leo Famulari <leo@famulari.name> | 2017-06-14 16:34:10 -0400 |
|---|---|---|
| committer | Leo Famulari <leo@famulari.name> | 2017-06-15 11:12:02 -0400 |
| commit | 0c5a8007fe3cfc792bf5f692342a84165f706441 (patch) | |
| tree | 6b62e65e6c063f37a2853fd0161ba5c4eb2ec446 /gnu/packages/patches/zziplib-CVE-2017-5978.patch | |
| parent | db90eb8c2bd447ab53bed80e5b0ea5105a928cdf (diff) | |
| download | guix-patches-0c5a8007fe3cfc792bf5f692342a84165f706441.tar guix-patches-0c5a8007fe3cfc792bf5f692342a84165f706441.tar.gz | |
gnu: zziplib: Fix CVE-2017-{5974,5975,5976,5978,5979,5981}.
* gnu/packages/patches/zziplib-CVE-2017-5974.patch,
gnu/packages/patches/zziplib-CVE-2017-5975.patch,
gnu/packages/patches/zziplib-CVE-2017-5976.patch,
gnu/packages/patches/zziplib-CVE-2017-5978.patch,
gnu/packages/patches/zziplib-CVE-2017-5979.patch,
gnu/packages/patches/zziplib-CVE-2017-5981.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/zip.scm (zziplib)[source]: Use them.
Diffstat (limited to 'gnu/packages/patches/zziplib-CVE-2017-5978.patch')
| -rw-r--r-- | gnu/packages/patches/zziplib-CVE-2017-5978.patch | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/gnu/packages/patches/zziplib-CVE-2017-5978.patch b/gnu/packages/patches/zziplib-CVE-2017-5978.patch new file mode 100644 index 0000000000..452b14f804 --- /dev/null +++ b/gnu/packages/patches/zziplib-CVE-2017-5978.patch @@ -0,0 +1,37 @@ +Fix CVE-2017-5978: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5978 + +Patch copied from Debian. + +Index: zziplib-0.13.62/zzip/memdisk.c +=================================================================== +--- zziplib-0.13.62.orig/zzip/memdisk.c ++++ zziplib-0.13.62/zzip/memdisk.c +@@ -180,7 +180,7 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI + * that exists in the other, ... but we will prefer the disk entry. + */ + item->zz_comment = zzip_disk_entry_strdup_comment(disk, entry); +- item->zz_name = zzip_disk_entry_strdup_name(disk, entry); ++ item->zz_name = zzip_disk_entry_strdup_name(disk, entry) ?: strdup(""); + item->zz_data = zzip_file_header_to_data(header); + item->zz_flags = zzip_disk_entry_get_flags(entry); + item->zz_compr = zzip_disk_entry_get_compr(entry); +@@ -197,7 +197,7 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI + int /* */ ext2 = zzip_file_header_get_extras(header); + char *_zzip_restrict ptr2 = zzip_file_header_to_extras(header); + +- if (ext1) ++ if (ext1 && ((ptr1 + ext1) < disk->endbuf)) + { + void *mem = malloc(ext1 + 2); + item->zz_ext[1] = mem; +@@ -206,7 +206,7 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI + ((char *) (mem))[ext1 + 0] = 0; + ((char *) (mem))[ext1 + 1] = 0; + } +- if (ext2) ++ if (ext2 && ((ptr2 + ext2) < disk->endbuf)) + { + void *mem = malloc(ext2 + 2); + item->zz_ext[2] = mem; |