Browse code
Unzip : Fix CVE-2018-1000035
Change-Id: I1d2634643d4d308df924a61ab5a60b2034c15367
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/5210
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Ashok Venkiteswaran
Xiaolin Li authored on 2018/05/30 08:57:34Showing 2 changed files
| 1 | 1 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,30 @@ |
| 0 |
+diff --git a/fileio.c b/fileio.c |
|
| 1 |
+index a001dd4..4eb7e29 100644 |
|
| 2 |
+--- a/fileio.c |
|
| 3 |
+@@ -1580,7 +1580,8 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf, size, zfn, efn) |
|
| 4 |
+ int r = IZ_PW_ENTERED; |
|
| 5 |
+ char *m; |
|
| 6 |
+ char *prompt; |
|
| 7 |
+- |
|
| 8 |
++ char *ep; |
|
| 9 |
++ char *zp; |
|
| 10 |
+ #ifndef REENTRANT |
|
| 11 |
+ /* tell picky compilers to shut up about "unused variable" warnings */ |
|
| 12 |
+ pG = pG; |
|
| 13 |
+@@ -1588,9 +1589,12 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf, size, zfn, efn) |
|
| 14 |
+ |
|
| 15 |
+ if (*rcnt == 0) { /* First call for current entry */
|
|
| 16 |
+ *rcnt = 2; |
|
| 17 |
+- if ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL) {
|
|
| 18 |
+- sprintf(prompt, LoadFarString(PasswPrompt), |
|
| 19 |
+- FnFilter1(zfn), FnFilter2(efn)); |
|
| 20 |
++ zp = FnFilter1( zfn); |
|
| 21 |
++ ep = FnFilter2( efn); |
|
| 22 |
++ prompt = (char *)malloc( /* Slightly too long (2* "%s"). */ |
|
| 23 |
++ sizeof( PasswPrompt)+ strlen( zp)+ strlen( ep)); |
|
| 24 |
++ if (prompt != (char *)NULL) {
|
|
| 25 |
++ sprintf(prompt, LoadFarString(PasswPrompt), zp, ep); |
|
| 26 |
+ m = prompt; |
|
| 27 |
+ } else |
|
| 28 |
+ m = (char *)LoadFarString(PasswPrompt2); |
| ... | ... |
@@ -4,7 +4,7 @@ |
| 4 | 4 |
Summary: Unzip-6.0 |
| 5 | 5 |
Name: unzip |
| 6 | 6 |
Version: 6.0 |
| 7 |
-Release: 8%{?dist}
|
|
| 7 |
+Release: 9%{?dist}
|
|
| 8 | 8 |
License: BSD |
| 9 | 9 |
URL: http://www.gnu.org/software/%{name}
|
| 10 | 10 |
Source0: http://downloads.sourceforge.net/infozip/unzip60.tar.gz |
| ... | ... |
@@ -18,6 +18,7 @@ Patch1: cve-2015-1315.patch |
| 18 | 18 |
Patch2: CVE-2015-7696-CVE-2015-7697.patch |
| 19 | 19 |
Patch3: unzip-CVE-2014-9844.patch |
| 20 | 20 |
Patch4: unzip-CVE-2014-9913.patch |
| 21 |
+Patch5: unzip-CVE-2018-1000035.patch |
|
| 21 | 22 |
|
| 22 | 23 |
%description |
| 23 | 24 |
The UnZip package contains ZIP extraction utilities. These are useful |
| ... | ... |
@@ -31,6 +32,7 @@ with PKZIP or Info-ZIP utilities, primarily in a DOS environment. |
| 31 | 31 |
%patch2 -p1 |
| 32 | 32 |
%patch3 -p1 |
| 33 | 33 |
%patch4 -p1 |
| 34 |
+%patch5 -p1 |
|
| 34 | 35 |
|
| 35 | 36 |
%build |
| 36 | 37 |
case `uname -m` in |
| ... | ... |
@@ -61,6 +63,8 @@ make -k check |& tee %{_specdir}/%{name}-check-log || %{nocheck}
|
| 61 | 61 |
%{_bindir}/*
|
| 62 | 62 |
|
| 63 | 63 |
%changelog |
| 64 |
+* Tue May 29 2018 Xiaolin Li <xiaolinl@vmware.com> 6.0-9 |
|
| 65 |
+- Fix CVE-2018-1000035 |
|
| 64 | 66 |
* Fri Oct 20 2017 Xiaolin Li <xiaolinl@vmware.com> 6.0-8 |
| 65 | 67 |
- Fix CVE-2014-9844, CVE-2014-9913 |
| 66 | 68 |
* Wed Nov 30 2016 Dheeraj Shetty <dheerajs@vmware.com> 6.0-7 |