annotate compression/unzip/CVE-2014-8141.patch @ 1020:d244c7aebf8a
text/jansson: rename from lib/jansson
author | David Demelier <markand@malikania.fr> |
---|---|
date | Thu, 29 Aug 2019 23:40:00 +0200 |
parents | 8c4366128400 |
children |
1 From RedHat: https://bugzilla.redhat.com/attachment.cgi?id=969625&action=diff |
2 (unzip60/ path prefix added) |
3 |
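--- a/unzip60/process.c
+++ b/unzip60/process.c
@@ -1,5 +1,5 @@
 /*
- Copyright (c) 1990-2009 Info-ZIP. All rights reserved.
+ Copyright (c) 1990-2014 Info-ZIP. All rights reserved.
 
 See the accompanying file LICENSE, version 2009-Jan-02 or later
 (the contents of which are also included in unzip.h) for terms of use.
@@ -1888,48 +1888,82 @@ int getZip64Data(__G__ ef_buf, ef_len)
 and a 4-byte version of disk start number.
 Sets both local header and central header fields. Not terribly clever,
 but it means that this procedure is only called in one place.
+
+ 2014-12-05 SMS.
+ Added checks to ensure that enough data are available before calling
+ makeint64() or makelong(). Replaced various sizeof() values with
+ simple ("4" or "8") constants. (The Zip64 structures do not depend
+ on our variable sizes.) Error handling is crude, but we should now
+ stay within the buffer.
 ---------------------------------------------------------------------------*/
 
+#define Z64FLGS 0xffff
+#define Z64FLGL 0xffffffff
+
 if (ef_len == 0 || ef_buf == NULL)
 return PK_COOL;
 
 Trace((stderr,"\ngetZip64Data: scanning extra field of length %u\n",
 ef_len));
 
- while (ef_len >= EB_HEADSIZE) {
+ while (ef_len >= EB_HEADSIZE)
+ {
 eb_id = makeword(EB_ID + ef_buf);
 eb_len = makeword(EB_LEN + ef_buf);
 
- if (eb_len > (ef_len - EB_HEADSIZE)) {
- /* discovered some extra field inconsistency! */
+ if (eb_len > (ef_len - EB_HEADSIZE))
+ {
+ /* Extra block length exceeds remaining extra field length. */
 Trace((stderr,
 "getZip64Data: block length %u > rest ef_size %u\n", eb_len,
 ef_len - EB_HEADSIZE));
 break;
 }
- if (eb_id == EF_PKSZ64) {
-
+ if (eb_id == EF_PKSZ64)
+ {
 int offset = EB_HEADSIZE;
 
- if (G.crec.ucsize == 0xffffffff || G.lrec.ucsize == 0xffffffff){
- G.lrec.ucsize = G.crec.ucsize = makeint64(offset + ef_buf);
- offset += sizeof(G.crec.ucsize);
+ if ((G.crec.ucsize == Z64FLGL) || (G.lrec.ucsize == Z64FLGL))
+ {
+ if (offset+ 8 > ef_len)
+ return PK_ERR;
+
+ G.crec.ucsize = G.lrec.ucsize = makeint64(offset + ef_buf);
+ offset += 8;
 }
- if (G.crec.csize == 0xffffffff || G.lrec.csize == 0xffffffff){
- G.csize = G.lrec.csize = G.crec.csize = makeint64(offset + ef_buf);
- offset += sizeof(G.crec.csize);
+
+ if ((G.crec.csize == Z64FLGL) || (G.lrec.csize == Z64FLGL))
+ {
+ if (offset+ 8 > ef_len)
+ return PK_ERR;
+
+ G.csize = G.crec.csize = G.lrec.csize = makeint64(offset + ef_buf);
+ offset += 8;
 }
- if (G.crec.relative_offset_local_header == 0xffffffff){
+
+ if (G.crec.relative_offset_local_header == Z64FLGL)
+ {
+ if (offset+ 8 > ef_len)
+ return PK_ERR;
+
 G.crec.relative_offset_local_header = makeint64(offset + ef_buf);
- offset += sizeof(G.crec.relative_offset_local_header);
+ offset += 8;
 }
- if (G.crec.disk_number_start == 0xffff){
+
+ if (G.crec.disk_number_start == Z64FLGS)
+ {
+ if (offset+ 4 > ef_len)
+ return PK_ERR;
+
 G.crec.disk_number_start = (zuvl_t)makelong(offset + ef_buf);
- offset += sizeof(G.crec.disk_number_start);
+ offset += 4;
 }
+#if 0
+ break; /* Expect only one EF_PKSZ64 block. */
+#endif /* 0 */
 }
 
- /* Skip this extra field block */
+ /* Skip this extra field block. */
 ef_buf += (eb_len + EB_HEADSIZE);
 ef_len -= (eb_len + EB_HEADSIZE);
 }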
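Review bot: The new guards in the EF_PKSZ64 branch (`if (offset+ 8 > ef_len)` and the `offset+ 4` variant) are measured against `ef_len`, the space left in the whole extra field, not against the current block. A Zip64 block whose `eb_len` is too short for the flagged fields therefore still passes when other blocks follow it, and bytes of the next block are read as 64-bit sizes. The reads stay inside the buffer, as the added comment says, but the values stored in `G.crec`/`G.lrec` then come from unrelated data. Bounding by the block itself, `if (offset + 8 > eb_len + EB_HEADSIZE) return PK_ERR;` (and `+ 4` for the disk number), covers both cases because `eb_len` has already been checked against `ef_len` above. The function's declarations and its final return lie outside the hunk.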
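--- a/unzip60/fileio.c
+++ b/unzip60/fileio.c
@@ -176,6 +176,8 @@ static ZCONST char Far FilenameTooLongTr
 #endif
 static ZCONST char Far ExtraFieldTooLong[] =
 "warning: extra field too long (%d). Ignoring...\n";
+static ZCONST char Far ExtraFieldCorrupt[] =
+ "warning: extra field (type: 0x%04x) corrupt. Continuing...\n";
 
 #ifdef WINDLL
 static ZCONST char Far DiskFullQuery[] =
@@ -2295,7 +2297,12 @@ int do_string(__G__ length, option) /*
 if (readbuf(__G__ (char *)G.extra_field, length) == 0)
 return PK_EOF;
 /* Looks like here is where extra fields are read */
- getZip64Data(__G__ G.extra_field, length);
+ if (getZip64Data(__G__ G.extra_field, length) != PK_COOL)
+ {
+ Info(slide, 0x401, ((char *)slide,
+ LoadFarString( ExtraFieldCorrupt), EF_PKSZ64));
+ error = PK_WARN;
+ }
 #ifdef UNICODE_SUPPORT
 G.unipath_filename = NULL;
 if (G.UzO.U_flag < 2) {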
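Review bot: In do_string a failed getZip64Data() call is only downgraded to `error = PK_WARN` and processing goes on, yet in the process.c part of this patch getZip64Data can return PK_ERR after it has already overwritten some of the size fields in `G.crec`/`G.lrec` from the same block. The entry may then continue with a mix of 32-bit sentinel values and Zip64 values. A comment should say why continuing is acceptable, for example `/* Zip64 field truncated: sizes may be partly updated; entry is still processed with a warning. */`, or the error should be returned so the caller can skip the entry. Which of the two is right depends on code outside this hunk, since the declaration of `error` and the rest of do_string are not visible here.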