Gentoo's Bugzilla – Attachment 475068 Details for Bug 620470: <app-arch/unzip-6.0_p21-r2: Multiple vulnerabilities
cve-2014-9636.patch (text/plain), 1.56 KB, created by Andrey Ovcharov on 2017-06-03 05:28:29 UTC
>From 190040ebfcf5395a6ccedede2cc9343d34f0a108 Mon Sep 17 00:00:00 2001 >From: mancha <mancha1 AT zoho DOT com> >Date: Wed, 11 Feb 2015 >Subject: Info-ZIP UnZip buffer overflow > >Upstream-Status: Backport >CVE: CVE-2014-9636 > >By carefully crafting a corrupt ZIP archive with "extra fields" that >purport to have compressed blocks larger than the corresponding >uncompressed blocks in STORED no-compression mode, an attacker can >trigger a heap overflow that can result in application crash or >possibly have other unspecified impact. > >This patch ensures that when extra fields use STORED mode, the >"compressed" and uncompressed block sizes match. > >Signed-off-by: mancha <mancha1 AT zoho DOT com> >--- > extract.c | 8 ++++++++ > 1 file changed, 8 insertions(+) > >--- a/extract.c >+++ b/extract.c >@@ -2217,6 +2217,7 @@ static int test_compr_eb(__G__ eb, eb_si > ulg eb_ucsize; > uch *eb_ucptr; > int r; >+ ush method; > > if (compr_offset < 4) /* field is not compressed: */ > return PK_OK; /* do nothing and signal OK */ >@@ -2226,6 +2227,13 @@ static int test_compr_eb(__G__ eb, eb_si > eb_size <= (compr_offset + EB_CMPRHEADLEN))) > return IZ_EF_TRUNC; /* no compressed data! */ > >+ method = makeword(eb + (EB_HEADSIZE + compr_offset)); >+ if ((method == STORED) && >+ (eb_size - compr_offset - EB_CMPRHEADLEN != eb_ucsize)) >+ return PK_ERR; /* compressed & uncompressed >+ * should match in STORED >+ * method */ >+ > if ( > #ifdef INT_16BIT > (((ulg)(extent)eb_ucsize) != eb_ucsize) ||
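Review bot: In the second hunk, the new `makeword(eb + (EB_HEADSIZE + compr_offset))` read and the `eb_size - compr_offset - EB_CMPRHEADLEN` subtraction both depend on the IZ_EF_TRUNC test just above to guarantee that eb_size is larger than compr_offset + EB_CMPRHEADLEN, yet the visible tail of that test, `eb_size <= (compr_offset + EB_CMPRHEADLEN)))`, closes a larger compound condition whose other operands are outside the context shown. If that bound is only enforced in combination with another condition, the method word can be read beyond the end of the extra field and the subtraction can drop below zero before it is compared with eb_ucsize. Suggest making the new check self-contained: confirm `eb_size > compr_offset + EB_CMPRHEADLEN` first and return IZ_EF_TRUNC otherwise, then read method and compare sizes. A short comment stating that the size comparison is intentionally limited to STORED would also help, since the other methods are left to the existing checks that follow.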