openwrt-mirror/packages
1
0
Fork 0
mirror of https://github.com/openwrt/packages.git synced 2025-12-21 23:34:31 +04:00
Code Issues Packages Projects Releases Wiki Activity
Files
0746327c62714c92d7c969db8e18d74c042944b3
packages/utils/unzip/patches/0001-fix-heap-based-buffer-overflow-in-the-CRC32-verifica.patch
Florian Eckert f9e7e2db94 unzip: add valid patche headers and missing CVE informations 
This commit adds a valid git patch header for each patch, so that
additional information can be stored. This is in this case and 'CVE:' tag.
This can be used by CVE scanner to find out if the patch fixes a CVE.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2025-09-08 09:23:42 +02:00

67 lines
2.4 KiB
Diff
Raw Blame History

From 170eddb01887e61a581ed1ac78aff05a476bbe59 Mon Sep 17 00:00:00 2001
From: OpenWrt community <openwrt-devel@lists.openwrt.org>
Date: Mon, 30 Oct 2023 14:37:54 +0100
Subject: [PATCH] fix: heap-based buffer overflow in the CRC32
verification
https://nvd.nist.gov/vuln/detail/CVE-2014-8139
CVE: CVE-2014-8139
---
extract.c | 17 ++++++++++++++---
1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/extract.c b/extract.c
index 1acd769..df0fa1c 100644
--- a/extract.c
+++ b/extract.c
@@ -1,5 +1,5 @@
/*
- Copyright (c) 1990-2009 Info-ZIP. All rights reserved.
+ Copyright (c) 1990-2014 Info-ZIP. All rights reserved.
See the accompanying file LICENSE, version 2009-Jan-02 or later
(the contents of which are also included in unzip.h) for terms of use.
@@ -298,6 +298,8 @@ char ZCONST Far TruncNTSD[] =
#ifndef SFX
static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \
EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n";
+ static ZCONST char Far TooSmallEBlength[] = "bad extra-field entry:\n \
+ EF block length (%u bytes) invalid (< %d)\n";
static ZCONST char Far InvalidComprDataEAs[] =
" invalid compressed data for EAs\n";
# if (defined(WIN32) && defined(NTSD_EAS))
@@ -2023,7 +2025,8 @@ static int TestExtraField(__G__ ef, ef_len)
ebID = makeword(ef);
ebLen = (unsigned)makeword(ef+EB_LEN);
- if (ebLen > (ef_len - EB_HEADSIZE)) {
+ if (ebLen > (ef_len - EB_HEADSIZE))
+ {
/* Discovered some extra field inconsistency! */
if (uO.qflag)
Info(slide, 1, ((char *)slide, "%-22s ",
@@ -2158,11 +2161,19 @@ static int TestExtraField(__G__ ef, ef_len)
}
break;
case EF_PKVMS:
- if (makelong(ef+EB_HEADSIZE) !=
+ if (ebLen < 4)
+ {
+ Info(slide, 1,
+ ((char *)slide, LoadFarString(TooSmallEBlength),
+ ebLen, 4));
+ }
+ else if (makelong(ef+EB_HEADSIZE) !=
crc32(CRCVAL_INITIAL, ef+(EB_HEADSIZE+4),
(extent)(ebLen-4)))
+ {
Info(slide, 1, ((char *)slide,
LoadFarString(BadCRC_EAs)));
+ }
break;
case EF_PKW32:
case EF_PKUNIX:
--
Reference in New Issue View Git Blame Copy Permalink