Gentoo's Bugzilla – Attachment 119979 Details for
Bug 178986
app-arch/zoo Denial of Service Vulnerability (CVE-2007-1669)
Patchfile
zoo-2.10-CVE-2007-1673.patch (text/plain), 2.32 KB, created by
Icebird2000
on 2007-05-22 09:51:38 UTC
Description:
Patchfile
Filename:
MIME Type:
Creator:
Icebird2000
Created:
2007-05-22 09:51:38 UTC
Size:
2.32 KB
>diff -urNad zoo-2.10~/zooext.c zoo-2.10/zooext.c
>--- zoo-2.10~/zooext.c 2007-05-18 14:42:25.000000000 -0300
>+++ zoo-2.10/zooext.c 2007-05-18 14:47:31.000000000 -0300
>@@ -90,6 +90,7 @@
> #endif
> struct direntry direntry; /* directory entry */
> int first_dir = 1; /* first dir entry seen? */
>+unsigned long zoo_pointer = 0; /* Track our position in the file */
> 
> static char extract_ver[] = "Zoo %d.%d is needed to extract %s.\n";
> static char no_space[] = "Insufficient disk space to extract %s.\n";
>@@ -174,6 +175,9 @@
> exit_status = 1;
> }
> zooseek (zoo_file, zoo_header.zoo_start, 0); /* seek to where data begins */
>+
>+ /* Begin tracking our position in the file */
>+ zoo_pointer = zoo_header.zoo_start;
> }
> 
> #ifndef PORTABLE
>@@ -602,6 +606,11 @@
> } /* end if */
> 
> loop_again:
>+ /* Make sure we are not seeking to already processed data */
>+ if (next_ptr <= zoo_pointer)
>+ prterror ('f', "ZOO chain structure is corrupted\n");
>+ zoo_pointer = next_ptr;
>+
> zooseek (zoo_file, next_ptr, 0); /* ..seek to next dir entry */
> } /* end while */
> 
>diff -urNad zoo-2.10~/zoolist.c zoo-2.10/zoolist.c
>--- zoo-2.10~/zoolist.c 2007-05-18 14:42:25.000000000 -0300
>+++ zoo-2.10/zoolist.c 2007-05-18 14:50:39.000000000 -0300
>@@ -93,6 +93,7 @@
> int show_mode = 0; /* show file protection */
> #endif
> int first_dir = 1; /* if first direntry -- to adjust dat_ofs */
>+unsigned long zoo_pointer = 0; /* Track our position in the file */
> 
> while (*option) {
> switch (*option) {
>@@ -211,6 +212,9 @@
> void show_acmt PARMS ((struct zoo_header *, ZOOFILE, int));
> show_acmt (&zoo_header, zoo_file, 0); /* show archive comment */
> }
>+
>+ /* Begin tracking our position in the file */
>+ zoo_pointer = zoo_header.zoo_start;
> 
> /* Seek to the beginning of the first directory entry */
> if (zooseek (zoo_file, zoo_header.zoo_start, 0) != 0) {
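Review bot: The guard `if (next_ptr <= zoo_pointer)` in the zooext.c hunk at -602 compares against an `unsigned long`, so if `next_ptr` is a signed `long` (its declaration is outside the hunk) a negative offset read from the archive would convert to a large unsigned value, pass the check and still be handed to `zooseek`. The same applies to `direntry.next` in the zoolist.c hunk at -438. Rejecting negative values before the comparison, e.g. `if (next_ptr < 0 || (unsigned long) next_ptr <= zoo_pointer)`, makes the forward-progress check hold for every value an archive can supply. The enclosing loop begins and ends outside the hunk, so how the offset was validated earlier is not visible here.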
>@@ -438,6 +442,11 @@
> if (verb_list && !fast)
> show_comment (&direntry, zoo_file, 0, (char *) NULL);
> } /* end if (lots of conditions) */
>+
>+ /* Make sure we are not seeking to already processed data */
>+ if (direntry.next <= zoo_pointer)
>+ prterror ('f', "ZOO chain structure is corrupted\n");
>+ zoo_pointer = direntry.next;
> 
> /* ..seek to next dir entry */
> zooseek (zoo_file, direntry.next, 0);
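Review bot: The result of `zooseek (zoo_file, direntry.next, 0)` right after the new guard is still ignored, unlike the `zooseek (...) != 0` test visible in the zoolist.c hunk at -211. The guard only checks that the chain moves forward, so if the stream rejects the offset the position presumably stays where it was and the loop parses the next entry from there. Checking the call, `if (zooseek (zoo_file, direntry.next, 0) != 0) prterror ('f', "ZOO chain structure is corrupted\n");`, would report the corruption where it is detected. The matching `zooseek (zoo_file, next_ptr, 0)` in the zooext.c hunk at -602 has the same gap. The loop body continues outside this hunk.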
Attachments on
bug 178986
: 119979 |
120137
|
120138
|
120139