diff options
author | André Fabian Silva Delgado <emulatorman@parabola.nu> | 2015-11-04 00:07:04 -0300 |
---|---|---|
committer | André Fabian Silva Delgado <emulatorman@parabola.nu> | 2015-11-04 00:16:36 -0300 |
commit | e143bf83e626231284b6872226b7a83111d6fe36 (patch) | |
tree | 9e296f66c805b869bf250d3867368377ccc768ab /libre/unzip/nextbyte-overflow.patch | |
parent | 61d267c8d050d81221da8c3f935c79700f81c869 (diff) | |
download | abslibre-e143bf83e626231284b6872226b7a83111d6fe36.tar.gz abslibre-e143bf83e626231284b6872226b7a83111d6fe36.tar.bz2 abslibre-e143bf83e626231284b6872226b7a83111d6fe36.zip |
unzip-6.0-11.parabola1: fix FS#46955 -> https://bugs.archlinux.org/task/46955
Diffstat (limited to 'libre/unzip/nextbyte-overflow.patch')
-rw-r--r-- | libre/unzip/nextbyte-overflow.patch | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/libre/unzip/nextbyte-overflow.patch b/libre/unzip/nextbyte-overflow.patch new file mode 100644 index 000000000..91482dae0 --- /dev/null +++ b/libre/unzip/nextbyte-overflow.patch @@ -0,0 +1,33 @@ +From: Petr Stodulka <pstodulk@redhat.com> +Date: Mon, 14 Sep 2015 18:23:17 +0200 +Subject: Upstream fix for heap overflow +Bug-Debian: https://bugs.debian.org/802162 +Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1260944 +Origin: https://bugzilla.redhat.com/attachment.cgi?id=1073002 +Forwarded: yes + +--- + crypt.c | 12 +++++++++++- + 1 file changed, 11 insertions(+), 1 deletion(-) + +--- a/crypt.c ++++ b/crypt.c +@@ -465,7 +465,17 @@ + GLOBAL(pInfo->encrypted) = FALSE; + defer_leftover_input(__G); + for (n = 0; n < RAND_HEAD_LEN; n++) { +- b = NEXTBYTE; ++ /* 2012-11-23 SMS. (OUSPG report.) ++ * Quit early if compressed size < HEAD_LEN. The resulting ++ * error message ("unable to get password") could be improved, ++ * but it's better than trying to read nonexistent data, and ++ * then continuing with a negative G.csize. (See ++ * fileio.c:readbyte()). ++ */ ++ if ((b = NEXTBYTE) == (ush)EOF) ++ { ++ return PK_ERR; ++ } + h[n] = (uch)b; + Trace((stdout, " (%02x)", h[n])); + } |