From: Kamil Dudka Date: Tue, 22 Sep 2015 18:52:23 +0200 Subject: [PATCH] extract: prevent unsigned overflow on invalid input Origin: other, https://bugzilla.redhat.com/attachment.cgi?id=1075942 Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1260944 Suggested-by: Stefan Cornelius --- extract.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) --- a/extract.c +++ b/extract.c @@ -1257,8 +1257,17 @@ if (G.lrec.compression_method == STORED) { zusz_t csiz_decrypted = G.lrec.csize; - if (G.pInfo->encrypted) + if (G.pInfo->encrypted) { + if (csiz_decrypted <= 12) { + /* handle the error now to prevent unsigned overflow */ + Info(slide, 0x401, ((char *)slide, + LoadFarStringSmall(ErrUnzipNoFile), + LoadFarString(InvalidComprData), + LoadFarStringSmall2(Inflate))); + return PK_ERR; + } csiz_decrypted -= 12; + } if (G.lrec.ucsize != csiz_decrypted) { Info(slide, 0x401, ((char *)slide, LoadFarStringSmall2(WrnStorUCSizCSizDiff),