1 # --- T2-COPYRIGHT-NOTE-BEGIN ---
2 # T2 SDE: package/*/unzip/CVE-2014-9636.patch
3 # Copyright (C) 2022 The T2 SDE Project
4 #
5 # This Copyright note is generated by scripts/Create-CopyPatch,
6 # more information can be found in the files COPYING and README.
7 #
8 # This patch file is dual-licensed. It is available under the license the
9 # patched project is licensed under, as long as it is an OpenSource license
10 # as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms
11 # of the GNU General Public License version 2 as used by the T2 SDE.
12 # --- T2-COPYRIGHT-NOTE-END ---
14 From 190040ebfcf5395a6ccedede2cc9343d34f0a108 Mon Sep 17 00:00:00 2001
15 From: mancha <mancha1 AT zoho DOT com>
16 Date: Wed, 11 Feb 2015
17 Subject: Info-ZIP UnZip buffer overflow
19 By carefully crafting a corrupt ZIP archive with "extra fields" that
20 purport to have compressed blocks larger than the corresponding
21 uncompressed blocks in STORED no-compression mode, an attacker can
22 trigger a heap overflow that can result in application crash or
23 possibly have other unspecified impact.
25 This patch ensures that when extra fields use STORED mode, the
26 "compressed" and uncompressed block sizes match.
28 ---
29 extract.c | 8 ++++++++
30 1 file changed, 8 insertions(+)
32 --- a/extract.c
33 +++ b/extract.c
34 @@ -2217,6 +2217,7 @@ static int test_compr_eb(__G__ eb, eb_si
35 ulg eb_ucsize;
36 uch *eb_ucptr;
37 int r;
38 + ush method;
40 if (compr_offset < 4) /* field is not compressed: */
41 return PK_OK; /* do nothing and signal OK */
42 @@ -2226,6 +2227,13 @@ static int test_compr_eb(__G__ eb, eb_si
43 eb_size <= (compr_offset + EB_CMPRHEADLEN)))
44 return IZ_EF_TRUNC; /* no compressed data! */
46 + method = makeword(eb + (EB_HEADSIZE + compr_offset));
47 + if ((method == STORED) &&
48 + (eb_size - compr_offset - EB_CMPRHEADLEN != eb_ucsize))
49 + return PK_ERR; /* compressed & uncompressed
50 + * should match in STORED
51 + * method */
53 if (
54 #ifdef INT_16BIT
55 (((ulg)(extent)eb_ucsize) != eb_ucsize) ||
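Review bot: In the second hunk, the added `makeword(eb + (EB_HEADSIZE + compr_offset))` read and the unsigned subtraction `eb_size - compr_offset - EB_CMPRHEADLEN` are only safe when `eb_size` is at least `compr_offset + EB_CMPRHEADLEN`, and none of the added lines check that themselves. The `IZ_EF_TRUNC` guard just above may cover it, but only its last line is visible and its opening conditions lie outside the hunk, so whether it rejects every short field cannot be confirmed from here. If a short field can fall through, the method word is read beyond the extra field and the subtraction wraps to a large value instead of going negative. Placing `if (eb_size < compr_offset + EB_CMPRHEADLEN) return IZ_EF_TRUNC;` ahead of the `makeword` call would make the new check self-sufficient. The body of test_compr_eb continues past the end of the hunk.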