mirror of
https://github.com/PartialVolume/shredos.x86_64.git
synced 2026-02-20 09:35:26 +00:00
26 lines
992 B
Diff
26 lines
992 B
Diff
From: Florent 'Skia' Jacquet <florent.jacquet@canonical.com>
|
|
Subject: Fix buffer overflow when using '-T -TT'
|
|
Bug-Debian: https://bugs.debian.org/1093629
|
|
Bug-Ubuntu: https://launchpad.net/bugs/2093024
|
|
Forwarded: https://sourceforge.net/p/infozip/bugs/81/
|
|
|
|
strlen(unzip_path) + strlen(zipname) + " " + "'" + "'" + '\0'
|
|
The additional space required in the `cmd` buffer is 4, not 3.
|
|
|
|
CVE: CVE-2018-13410
|
|
Upstream: https://sources.debian.org/src/zip/3.0-15/debian/patches/15-buffer-overflow-cve-2018-13410.patch
|
|
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
|
|
---
|
|
diff -Nura a/zip.c b/zip.c
|
|
--- a/zip.c
|
|
+++ b/zip.c
|
|
@@ -1437,7 +1437,7 @@
|
|
/* Replace first {} with archive name. If no {} append name to string. */
|
|
here = strstr(unzip_path, "{}");
|
|
|
|
- if ((cmd = malloc(strlen(unzip_path) + strlen(zipname) + 3)) == NULL) {
|
|
+ if ((cmd = malloc(strlen(unzip_path) + strlen(zipname) + 4)) == NULL) {
|
|
ziperr(ZE_MEM, "building command string for testing archive");
|
|
}
|
|
|