|
Line
Link Here
|
| 0 |
-- a/list.c |
0 |
++ b/list.c |
|
Lines 339-345
Link Here
|
| 339 |
G.crec.compression_method == ENHDEFLATED) { |
339 |
G.crec.compression_method == ENHDEFLATED) { |
| 340 |
methbuf[5] = dtype[(G.crec.general_purpose_bit_flag>>1) & 3]; |
340 |
methbuf[5] = dtype[(G.crec.general_purpose_bit_flag>>1) & 3]; |
| 341 |
} else if (methnum >= NUM_METHODS) { |
341 |
} else if (methnum >= NUM_METHODS) { |
| 342 |
sprintf(&methbuf[4], "%03u", G.crec.compression_method); |
342 |
/* 2013-02-26 SMS. |
|
|
343 |
* http://sourceforge.net/p/infozip/bugs/27/ CVE-2014-9913. |
| 344 |
* Unexpectedly large compression methods overflow |
| 345 |
* &methbuf[]. Use the old, three-digit decimal format |
| 346 |
* for values which fit. Otherwise, sacrifice the |
| 347 |
* colon, and use four-digit hexadecimal. |
| 348 |
*/ |
| 349 |
if (G.crec.compression_method <= 999) { |
| 350 |
sprintf( &methbuf[ 4], "%03u", G.crec.compression_method); |
| 351 |
} else { |
| 352 |
sprintf( &methbuf[ 3], "%04X", G.crec.compression_method); |
| 353 |
} |
| 343 |
} |
354 |
} |
| 344 |
|
355 |
|
| 345 |
#if 0 /* GRR/Euro: add this? */ |
356 |
#if 0 /* GRR/Euro: add this? */ |
