comparison compression/unzip/CVE-2014-8139.patch @ 452:8c4366128400
compression/unzip: initial import, closes #1553
author | David Demelier <markand@malikania.fr> |
---|---|
date | Sat, 06 Apr 2019 08:13:23 +0200 |
parents | |
children |
451:bcfdaa03daa2 | 452:8c4366128400 |
---|---|
1 --- a/extract.c | |
2 +++ b/extract.c | |
3 @@ -1,5 +1,5 @@ | |
4 /* | |
5 - Copyright (c) 1990-2009 Info-ZIP. All rights reserved. | |
6 + Copyright (c) 1990-2014 Info-ZIP. All rights reserved. | |
7 | |
8 See the accompanying file LICENSE, version 2009-Jan-02 or later | |
9 (the contents of which are also included in unzip.h) for terms of use. | |
10 @@ -298,6 +298,8 @@ | |
11 #ifndef SFX | |
12 static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \ | |
13 EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n"; | |
14 + static ZCONST char Far TooSmallEBlength[] = "bad extra-field entry:\n \ | |
15 + EF block length (%u bytes) invalid (< %d)\n"; | |
16 static ZCONST char Far InvalidComprDataEAs[] = | |
17 " invalid compressed data for EAs\n"; | |
18 # if (defined(WIN32) && defined(NTSD_EAS)) | |
19 @@ -2032,7 +2034,8 @@ | |
20 ebID = makeword(ef); | |
21 ebLen = (unsigned)makeword(ef+EB_LEN); | |
22 | |
23 - if (ebLen > (ef_len - EB_HEADSIZE)) { | |
24 + if (ebLen > (ef_len - EB_HEADSIZE)) | |
25 + { | |
26 /* Discovered some extra field inconsistency! */ | |
27 if (uO.qflag) | |
28 Info(slide, 1, ((char *)slide, "%-22s ", | |
29 @@ -2167,11 +2170,29 @@ | |
30 } | |
31 break; | |
32 case EF_PKVMS: | |
33 - if (makelong(ef+EB_HEADSIZE) != | |
34 - crc32(CRCVAL_INITIAL, ef+(EB_HEADSIZE+4), | |
35 - (extent)(ebLen-4))) | |
36 - Info(slide, 1, ((char *)slide, | |
37 - LoadFarString(BadCRC_EAs))); | |
38 + /* 2015-01-30 SMS. Added sufficient-bytes test/message | |
39 + * here. (Removed defective ebLen test above.) | |
40 + * | |
41 + * If sufficient bytes (EB_PKVMS_MINLEN) are available, | |
42 + * then compare the stored CRC value with the calculated | |
43 + * CRC for the remainder of the data (and complain about | |
44 + * a mismatch). | |
45 + */ | |
46 + if (ebLen < EB_PKVMS_MINLEN) | |
47 + { | |
48 + /* Insufficient bytes available. */ | |
49 + Info( slide, 1, | |
50 + ((char *)slide, LoadFarString( TooSmallEBlength), | |
51 + ebLen, EB_PKVMS_MINLEN)); | |
52 + } | |
53 + else if (makelong(ef+ EB_HEADSIZE) != | |
54 + crc32(CRCVAL_INITIAL, | |
55 + (ef+ EB_HEADSIZE+ EB_PKVMS_MINLEN), | |
56 + (extent)(ebLen- EB_PKVMS_MINLEN))) | |
57 + { | |
58 + Info(slide, 1, ((char *)slide, | |
59 + LoadFarString(BadCRC_EAs))); | |
60 + } | |
61 break; | |
62 case EF_PKW32: | |
63 case EF_PKUNIX: | |
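Review bot: The new `ebLen < EB_PKVMS_MINLEN` branch in the EF_PKVMS case only prints TooSmallEBlength and then reaches `break`, so as far as this hunk shows a truncated PKVMS block is reported on screen but not in the function's return status. If the other malformed-extra-field paths in this function return an error code (they are outside the hunk), this branch should do the same, e.g. `return PK_ERR;` after the `Info()` call, so that an archive test does not pass a malformed block as clean. The added comment's parenthetical `(Removed defective ebLen test above.)` describes an edit that this patch does not contain (the hunk at 2032 only moves a brace), so I would drop it or reword it to `/* Guard against ebLen < EB_PKVMS_MINLEN before computing ebLen - EB_PKVMS_MINLEN. */`. The enclosing switch and function start and end outside the hunk.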
64 --- a/unzpriv.h | |
65 +++ b/unzpriv.h | |
66 @@ -1806,6 +1806,8 @@ | |
67 #define EB_NTSD_VERSION 4 /* offset of NTSD version byte */ | |
68 #define EB_NTSD_MAX_VER (0) /* maximum version # we know how to handle */ | |
69 | |
70 +#define EB_PKVMS_MINLEN 4 /* minimum data length of PKVMS extra block */ | |
71 + | |
72 #define EB_ASI_CRC32 0 /* offset of ASI Unix field's crc32 checksum */ | |
73 #define EB_ASI_MODE 4 /* offset of ASI Unix permission mode field */ | |
74 | |
75 |
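Review bot: The comment on `EB_PKVMS_MINLEN` names only the minimum-length role, but the extract.c hunk also uses the constant as the offset of the data that follows the stored CRC-32 (`ef+ EB_HEADSIZE+ EB_PKVMS_MINLEN`). Saying so at the definition keeps the two uses tied together if the value is ever changed: `/* size of the leading CRC-32 field; also the minimum data length of a PKVMS extra block */`.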