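--- a/list.c
+++ b/list.c
@@ -339,7 +339,18 @@
 G.crec.compression_method == ENHDEFLATED) {
 methbuf[5] = dtype[(G.crec.general_purpose_bit_flag>>1) & 3];
 } else if (methnum >= NUM_METHODS) {
-sprintf(&methbuf[4], "%03u", G.crec.compression_method);
+/* 2013-02-26 SMS.
+* http://sourceforge.net/p/infozip/bugs/27/ CVE-2014-9913.
+* Unexpectedly large compression methods overflow
+* &methbuf[]. Use the old, three-digit decimal format
+* for values which fit. Otherwise, sacrifice the
+* colon, and use four-digit hexadecimal.
+*/
+if (G.crec.compression_method <= 999) {
+sprintf( &methbuf[ 4], "%03u", G.crec.compression_method);
+} else {
+sprintf( &methbuf[ 3], "%04X", G.crec.compression_method);
+}
 }
 
 #if 0 /* GRR/Euro: add this? */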
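Review bot: The hexadecimal branch at new line 352 is bounded only by the value range of G.crec.compression_method: `sprintf( &methbuf[ 3], "%04X", ...)` stays within four digits plus the NUL only while the value is at most 0xFFFF, which is plausible if the field is the 16-bit value read from the central directory but is not checked here, and methbuf's declaration is outside the hunk. A size-bounded write makes the invariant explicit and survives a later widening of the field: `snprintf(&methbuf[3], sizeof methbuf - 3, "%04X", G.crec.compression_method);` on line 352 and `snprintf(&methbuf[4], sizeof methbuf - 4, "%03u", G.crec.compression_method);` on line 350, assuming methbuf is an array in this scope rather than a pointer. A short comment next to the `<= 999` test would also help, e.g. `/* both branches end with the NUL at methbuf[7] */`, since that is the property the two offsets are chosen for. The enclosing if/else chain and the methbuf definition begin before the hunk.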