1 # --- T2-COPYRIGHT-NOTE-BEGIN ---
2 # T2 SDE: package/*/unzip/CVE-2021-4217.patch
3 # Copyright (C) 2022 The T2 SDE Project
4 #
5 # This Copyright note is generated by scripts/Create-CopyPatch,
6 # more information can be found in the files COPYING and README.
7 #
8 # This patch file is dual-licensed. It is available under the license the
9 # patched project is licensed under, as long as it is an OpenSource license
10 # as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms
11 # of the GNU General Public License version 2 as used by the T2 SDE.
12 # --- T2-COPYRIGHT-NOTE-END ---
14 From 731d698377dbd1f5b1b90efeb8094602ed59fc40 Mon Sep 17 00:00:00 2001
15 From: Nils Bars <nils.bars@t-online.de>
16 Date: Mon, 17 Jan 2022 16:53:16 +0000
17 Subject: [PATCH] Fix null pointer dereference and use of uninitialized data
19 This fixes a bug that causes use of uninitialized heap data if `readbuf` fails
20 to read as many bytes as indicated by the extra field length attribute.
21 Furthermore, this fixes a null pointer dereference if an archive contains an
22 `EF_UNIPATH` extra field but does not have a filename set.
23 ---
24 fileio.c | 5 ++++-
25 process.c | 6 +++++-
26 2 files changed, 9 insertions(+), 2 deletions(-)
28 diff --git a/fileio.c b/fileio.c
29 index 6290824..95ea68b 100644
30 --- a/fileio.c
31 +++ b/fileio.c
32 @@ -2308,8 +2308,11 @@ int do_string(__G__ length, option) /* return PK-type error code */
33 seek_zipf(__G__ G.cur_zipfile_bufstart - G.extra_bytes +
34 (G.inptr-G.inbuf) + length);
35 } else {
36 - if (readbuf(__G__ (char *)G.extra_field, length) == 0)
37 + unsigned bytes_read = readbuf(__G__ (char *)G.extra_field, length);
38 + if (bytes_read == 0)
39 return PK_EOF;
40 + if (bytes_read != length)
41 + return PK_ERR;
42 /* Looks like here is where extra fields are read */
43 if (getZip64Data(__G__ G.extra_field, length) != PK_COOL)
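Review bot: The new `return PK_ERR;` for a short read carries no comment on why a partial extra field has to be rejected, and the guard deserves one: a truncated read leaves the tail of `G.extra_field` unread (the uninitialized heap data the commit message describes), while `getZip64Data` on the next context line is still handed the full `length`, so this check is what keeps that call within initialized bytes. I would place `/* short read: the rest of extra_field is uninitialized and length would overstate it */` directly above `if (bytes_read != length)`. The declared return type of `readbuf` is not visible in the hunk; if it is a signed int, storing it in `unsigned bytes_read` is fine for these two comparisons, but it is worth confirming against the declaration since `length` is compared unsigned here. do_string's body starts before and continues after the hunk.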
45 diff --git a/process.c b/process.c
46 index d2a846e..cba2463 100644
47 --- a/process.c
48 +++ b/process.c
49 @@ -2064,10 +2064,14 @@ int getUnicodeData(__G__ ef_buf, ef_len)
50 G.unipath_checksum = makelong(offset + ef_buf);
51 offset += 4;
53 + if (!G.filename_full) {
54 + /* Check if we have a unicode extra section but no filename set */
55 + return PK_ERR;
56 + }
59 * Compute 32-bit crc
62 chksum = crc32(chksum, (uch *)(G.filename_full),
63 strlen(G.filename_full));
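Review bot: The explanatory comment in the added guard sits inside the body, after the condition has already been taken, so it reads as a restatement of the test rather than its reason; move it above the `if` and state the consequence, e.g. `/* A unicode path extra field with no filename would pass NULL to strlen()/crc32() below. */`. The `return PK_ERR;` is also silent; if the other early returns in getUnicodeData report through G.message (not visible in this hunk), this one should follow the same convention so a malformed entry is diagnosed rather than dropped quietly. getUnicodeData's body starts before and continues after the hunk.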
65 --
66 2.25.1