Files
shredos.x86_64/package/zip/0010-buffer-overflow-cve-2018-13410.patch
2026-01-06 22:53:29 +00:00

26 lines
992 B
Diff

From: Florent 'Skia' Jacquet <florent.jacquet@canonical.com>
Subject: Fix buffer overflow when using '-T -TT'
Bug-Debian: https://bugs.debian.org/1093629
Bug-Ubuntu: https://launchpad.net/bugs/2093024
Forwarded: https://sourceforge.net/p/infozip/bugs/81/
strlen(unzip_path) + strlen(zipname) + " " + "'" + "'" + '\0'
The additional space required in the `cmd` buffer is 4, not 3.
CVE: CVE-2018-13410
Upstream: https://sources.debian.org/src/zip/3.0-15/debian/patches/15-buffer-overflow-cve-2018-13410.patch
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
---
diff -Nura a/zip.c b/zip.c
--- a/zip.c
+++ b/zip.c
@@ -1437,7 +1437,7 @@
/* Replace first {} with archive name. If no {} append name to string. */
here = strstr(unzip_path, "{}");
- if ((cmd = malloc(strlen(unzip_path) + strlen(zipname) + 3)) == NULL) {
+ if ((cmd = malloc(strlen(unzip_path) + strlen(zipname) + 4)) == NULL) {
ziperr(ZE_MEM, "building command string for testing archive");
}