Dash:
[t2.git] / package / archiver / unzip / CVE-2018-1000035.patch
blob15375a3ab95f7f038d512245402542cacb17b286
1 # --- T2-COPYRIGHT-NOTE-BEGIN ---
2 # T2 SDE: package/*/unzip/CVE-2018-1000035.patch
3 # Copyright (C) 2021 The T2 SDE Project
4 #
5 # This Copyright note is generated by scripts/Create-CopyPatch,
6 # more information can be found in the files COPYING and README.
7 #
8 # This patch file is dual-licensed. It is available under the license the
9 # patched project is licensed under, as long as it is an OpenSource license
10 # as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms
11 # of the GNU General Public License version 2 as used by the T2 SDE.
12 # --- T2-COPYRIGHT-NOTE-END ---
14 --- a/fileio.c 2014-12-05 05:06:05 -0600
15 +++ b/fileio.c 2017-11-14 01:06:28 -0600
16 @@ -1,5 +1,5 @@
18 - Copyright (c) 1990-2009 Info-ZIP. All rights reserved.
19 + Copyright (c) 1990-2017 Info-ZIP. All rights reserved.
21 See the accompanying file LICENSE, version 2009-Jan-02 or later
22 (the contents of which are also included in unzip.h) for terms of use.
23 @@ -1582,6 +1582,8 @@
24 int r = IZ_PW_ENTERED;
25 char *m;
26 char *prompt;
27 + char *ep;
28 + char *zp;
30 #ifndef REENTRANT
31 /* tell picky compilers to shut up about "unused variable" warnings */
32 @@ -1590,9 +1592,12 @@
34 if (*rcnt == 0) { /* First call for current entry */
35 *rcnt = 2;
36 - if ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL) {
37 - sprintf(prompt, LoadFarString(PasswPrompt),
38 - FnFilter1(zfn), FnFilter2(efn));
39 + zp = FnFilter1( zfn);
40 + ep = FnFilter2( efn);
41 + prompt = (char *)malloc( /* Slightly too long (2* "%s"). */
42 + sizeof( PasswPrompt)+ strlen( zp)+ strlen( ep));
43 + if (prompt != (char *)NULL) {
44 + sprintf(prompt, LoadFarString(PasswPrompt), zp, ep);
45 m = prompt;
46 } else
47 m = (char *)LoadFarString(PasswPrompt2);