openwrt-mirror/packages
1
0
Fork 0
mirror of https://github.com/openwrt/packages.git synced 2025-12-21 17:04:32 +04:00
Code Issues Packages Projects Releases Wiki Activity
Files
f9e7e2db94a768d24201df27c4b619e724f95536
packages/utils/unzip/patches/0011-fix-heap-based-buffer-overflow-in-the-password-prote.patch
Florian Eckert f9e7e2db94 unzip: add valid patche headers and missing CVE informations 
This commit adds a valid git patch header for each patch, so that
additional information can be stored. This is in this case and 'CVE:' tag.
This can be used by CVE scanner to find out if the patch fixes a CVE.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2025-09-08 09:23:42 +02:00

52 lines
1.8 KiB
Diff
Raw Blame History

From 3c252bd75cab0e4b6a0983f3353cc4df2c6d2d5c Mon Sep 17 00:00:00 2001
From: OpenWrt community <openwrt-devel@lists.openwrt.org>
Date: Mon, 30 Oct 2023 14:55:12 +0100
Subject: [PATCH] fix: heap-based buffer overflow in the
password-protected processing
https://nvd.nist.gov/vuln/detail/CVE-2018-1000035
CVE: CVE-2018-1000035
---
fileio.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/fileio.c b/fileio.c
index 36bfea3..cb05903 100644
--- a/fileio.c
+++ b/fileio.c
@@ -1,5 +1,5 @@
/*
- Copyright (c) 1990-2009 Info-ZIP. All rights reserved.
+ Copyright (c) 1990-2017 Info-ZIP. All rights reserved.
See the accompanying file LICENSE, version 2009-Jan-02 or later
(the contents of which are also included in unzip.h) for terms of use.
@@ -1582,6 +1582,8 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf, size, zfn, efn)
int r = IZ_PW_ENTERED;
char *m;
char *prompt;
+ char *ep;
+ char *zp;
#ifndef REENTRANT
/* tell picky compilers to shut up about "unused variable" warnings */
@@ -1590,9 +1592,12 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf, size, zfn, efn)
if (*rcnt == 0) { /* First call for current entry */
*rcnt = 2;
- if ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL) {
- sprintf(prompt, LoadFarString(PasswPrompt),
- FnFilter1(zfn), FnFilter2(efn));
+ zp = FnFilter1( zfn);
+ ep = FnFilter2( efn);
+ prompt = (char *)malloc( /* Slightly too long (2* "%s"). */
+ sizeof( PasswPrompt)+ strlen( zp)+ strlen( ep));
+ if (prompt != (char *)NULL) {
+ sprintf(prompt, LoadFarString(PasswPrompt), zp, ep);
m = prompt;
} else
m = (char *)LoadFarString(PasswPrompt2);
--
Reference in New Issue View Git Blame Copy Permalink