Mercurial > vanilla
comparison compression/unzip/CVE-2014-8139.patch @ 452:8c4366128400
compression/unzip: initial import, closes #1553
| author | David Demelier <markand@malikania.fr> |
|---|---|
| date | Sat, 06 Apr 2019 08:13:23 +0200 |
| parents | |
| children |
comparison
equal
deleted
inserted
replaced
| 451:bcfdaa03daa2 | 452:8c4366128400 |
|---|---|
| 1 --- a/extract.c | |
| 2 +++ b/extract.c | |
| 3 @@ -1,5 +1,5 @@ | |
| 4 /* | |
| 5 - Copyright (c) 1990-2009 Info-ZIP. All rights reserved. | |
| 6 + Copyright (c) 1990-2014 Info-ZIP. All rights reserved. | |
| 7 | |
| 8 See the accompanying file LICENSE, version 2009-Jan-02 or later | |
| 9 (the contents of which are also included in unzip.h) for terms of use. | |
| 10 @@ -298,6 +298,8 @@ | |
| 11 #ifndef SFX | |
| 12 static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \ | |
| 13 EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n"; | |
| 14 + static ZCONST char Far TooSmallEBlength[] = "bad extra-field entry:\n \ | |
| 15 + EF block length (%u bytes) invalid (< %d)\n"; | |
| 16 static ZCONST char Far InvalidComprDataEAs[] = | |
| 17 " invalid compressed data for EAs\n"; | |
| 18 # if (defined(WIN32) && defined(NTSD_EAS)) | |
| 19 @@ -2032,7 +2034,8 @@ | |
| 20 ebID = makeword(ef); | |
| 21 ebLen = (unsigned)makeword(ef+EB_LEN); | |
| 22 | |
| 23 - if (ebLen > (ef_len - EB_HEADSIZE)) { | |
| 24 + if (ebLen > (ef_len - EB_HEADSIZE)) | |
| 25 + { | |
| 26 /* Discovered some extra field inconsistency! */ | |
| 27 if (uO.qflag) | |
| 28 Info(slide, 1, ((char *)slide, "%-22s ", | |
| 29 @@ -2167,11 +2170,29 @@ | |
| 30 } | |
| 31 break; | |
| 32 case EF_PKVMS: | |
| 33 - if (makelong(ef+EB_HEADSIZE) != | |
| 34 - crc32(CRCVAL_INITIAL, ef+(EB_HEADSIZE+4), | |
| 35 - (extent)(ebLen-4))) | |
| 36 - Info(slide, 1, ((char *)slide, | |
| 37 - LoadFarString(BadCRC_EAs))); | |
| 38 + /* 2015-01-30 SMS. Added sufficient-bytes test/message | |
| 39 + * here. (Removed defective ebLen test above.) | |
| 40 + * | |
| 41 + * If sufficient bytes (EB_PKVMS_MINLEN) are available, | |
| 42 + * then compare the stored CRC value with the calculated | |
| 43 + * CRC for the remainder of the data (and complain about | |
| 44 + * a mismatch). | |
| 45 + */ | |
| 46 + if (ebLen < EB_PKVMS_MINLEN) | |
| 47 + { | |
| 48 + /* Insufficient bytes available. */ | |
| 49 + Info( slide, 1, | |
| 50 + ((char *)slide, LoadFarString( TooSmallEBlength), | |
| 51 + ebLen, EB_PKVMS_MINLEN)); | |
| 52 + } | |
| 53 + else if (makelong(ef+ EB_HEADSIZE) != | |
| 54 + crc32(CRCVAL_INITIAL, | |
| 55 + (ef+ EB_HEADSIZE+ EB_PKVMS_MINLEN), | |
| 56 + (extent)(ebLen- EB_PKVMS_MINLEN))) | |
| 57 + { | |
| 58 + Info(slide, 1, ((char *)slide, | |
| 59 + LoadFarString(BadCRC_EAs))); | |
| 60 + } | |
| 61 break; | |
| 62 case EF_PKW32: | |
| 63 case EF_PKUNIX: | |
| 64 --- a/unzpriv.h | |
| 65 +++ b/unzpriv.h | |
| 66 @@ -1806,6 +1806,8 @@ | |
| 67 #define EB_NTSD_VERSION 4 /* offset of NTSD version byte */ | |
| 68 #define EB_NTSD_MAX_VER (0) /* maximum version # we know how to handle */ | |
| 69 | |
| 70 +#define EB_PKVMS_MINLEN 4 /* minimum data length of PKVMS extra block */ | |
| 71 + | |
| 72 #define EB_ASI_CRC32 0 /* offset of ASI Unix field's crc32 checksum */ | |
| 73 #define EB_ASI_MODE 4 /* offset of ASI Unix permission mode field */ | |
| 74 | |
| 75 |