FreeBSD Bugzilla – Attachment 165057 Details for
Bug 204413
archivers/unzip multiple vulnerabilities
[patch]
Patch to fix CVE-2015-7696 and CVE-2015-7697
unzip.patch (text/plain), 3.83 KB, created by
Emanuel Haupt
on 2016-01-04 14:38:40 UTC
Description:
Patch to fix CVE-2015-7696 and CVE-2015-7697
Filename:
MIME Type:
Creator:
Emanuel Haupt
Created:
2016-01-04 14:38:40 UTC
Size:
3.83 KB
>Index: Makefile
>===================================================================
>--- Makefile (revision 405237)
>+++ Makefile (working copy)
>@@ -3,7 +3,7 @@
>
> PORTNAME= unzip
> PORTVERSION= 6.0
>-PORTREVISION= 6
>+PORTREVISION= 7
> CATEGORIES= archivers
> MASTER_SITES= SF/infozip/UnZip%206.x%20%28latest%29/UnZip%20${PORTVERSION}/:main \
> SF/infozip/UnZip%205.x%20and%20earlier/5.51/:unreduce
>Index: files/patch-crypt.c
>===================================================================
>--- files/patch-crypt.c (nonexistent)
>+++ files/patch-crypt.c (working copy)
>@@ -0,0 +1,21 @@
>+--- crypt.c.orig 2007-01-05 16:47:36.000000000 +0100
>++++ crypt.c 2016-01-04 14:39:27.300502995 +0100
>+@@ -465,7 +465,17 @@
>+ GLOBAL(pInfo->encrypted) = FALSE;
>+ defer_leftover_input(__G);
>+ for (n = 0; n < RAND_HEAD_LEN; n++) {
>+- b = NEXTBYTE;
>++ /* 2012-11-23 SMS. (OUSPG report.)
>++ * Quit early if compressed size < HEAD_LEN. The resulting
>++ * error message ("unable to get password") could be improved,
>++ * but it's better than trying to read nonexistent data, and
>++ * then continuing with a negative G.csize. (See
>++ * fileio.c:readbyte()).
>++ */
>++ if ((b = NEXTBYTE) == (ush)EOF)
>++ {
>++ return PK_ERR;
>++ }
>+ h[n] = (uch)b;
>+ Trace((stdout, " (%02x)", h[n]));
>+ }
>
>Property changes on: files/patch-crypt.c
>___________________________________________________________________
>Added: fbsd:nokeywords
>## -0,0 +1 ##
>+yes
>\ No newline at end of property
>Added: svn:eol-style
>## -0,0 +1 ##
>+native
>\ No newline at end of property
>Added: svn:mime-type
>## -0,0 +1 ##
>+text/plain
>\ No newline at end of property
>Index: files/patch-extract.c
>===================================================================
>--- files/patch-extract.c (revision 405237)
>+++ files/patch-extract.c (working copy)
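Review bot: In files/patch-crypt.c, the end-of-input test `(b = NEXTBYTE) == (ush)EOF` only works if `b` is declared `ush`. Its declaration lies outside the hunk, so this should be confirmed: with an `int b`, EOF (-1) would never compare equal to `(ush)EOF` and the guard would be dead code. The added comment also speaks of `HEAD_LEN` while the loop bound in the same hunk is `RAND_HEAD_LEN`; I would word it `Quit early if compressed size < RAND_HEAD_LEN.` so the comment can be matched against the code. The enclosing function starts and ends outside the hunk, so how callers treat `PK_ERR` on this path is not visible here.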
>@@ -1,5 +1,5 @@
>---- extract.c.orig 2009-03-14 01:32:52 UTC
>-+++ extract.c
>+--- extract.c.orig 2009-03-14 02:32:52.000000000 +0100
>++++ extract.c 2016-01-04 14:43:11.813488458 +0100
> @@ -1,5 +1,5 @@
> /*
> - Copyright (c) 1990-2009 Info-ZIP. All rights reserved.
>@@ -7,7 +7,7 @@
>
> See the accompanying file LICENSE, version 2009-Jan-02 or later
> (the contents of which are also included in unzip.h) for terms of use.
>-@@ -298,6 +298,8 @@ char ZCONST Far TruncNTSD[] =
>+@@ -298,6 +298,8 @@
> #ifndef SFX
> static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \
> EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n";
>@@ -16,7 +16,7 @@
> static ZCONST char Far InvalidComprDataEAs[] =
> " invalid compressed data for EAs\n";
> # if (defined(WIN32) && defined(NTSD_EAS))
>-@@ -2023,7 +2025,8 @@ static int TestExtraField(__G__ ef, ef_l
>+@@ -2023,7 +2025,8 @@
> ebID = makeword(ef);
> ebLen = (unsigned)makeword(ef+EB_LEN);
>
>@@ -26,7 +26,7 @@
> /* Discovered some extra field inconsistency! */
> if (uO.qflag)
> Info(slide, 1, ((char *)slide, "%-22s ",
>-@@ -2032,6 +2035,16 @@ static int TestExtraField(__G__ ef, ef_l
>+@@ -2032,6 +2035,16 @@
> ebLen, (ef_len - EB_HEADSIZE)));
> return PK_ERR;
> }
>@@ -43,7 +43,7 @@
>
> switch (ebID) {
> case EF_OS2:
>-@@ -2217,14 +2230,28 @@ static int test_compr_eb(__G__ eb, eb_si
>+@@ -2217,14 +2230,28 @@
> ulg eb_ucsize;
> uch *eb_ucptr;
> int r;
>@@ -75,3 +75,16 @@
>
> if (
> #ifdef INT_16BIT
>+@@ -2701,6 +2728,12 @@
>+ int repeated_buf_err;
>+ bz_stream bstrm;
>+
>++ if (G.incnt <= 0 && G.csize <= 0L) {
>++ /* avoid an infinite loop */
>++ Trace((stderr, "UZbunzip2() got empty input\n"));
>++ return 2;
>++ }
>++
>+ #if (defined(DLL) && !defined(NO_SLIDE_REDIR))
>+ if (G.redirect_slide)
>+ wsize = G.redirect_size, redirSlide = G.redirect_buffer;
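Review bot: The guard added in the last hunk (`@@ -2701,6 +2728,12 @@`) returns a bare `2`, and `/* avoid an infinite loop */` does not say which loop or what the value means to the caller. The rest of the function is outside the hunk, so I cannot tell whether `2` matches its other return paths. A comment along the lines of `/* no compressed data left: the decode loop below would never make progress; return value per this function's error convention */` would make the intent checkable. The test `G.incnt <= 0 && G.csize <= 0L` covers only input that is already empty on entry; whether input that runs out mid-stream also terminates is not visible here and should be confirmed against the loop body. The earlier hunks in this file only refresh timestamps and drop the function names from the inner hunk headers.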
Attachments on
bug 204413
: 165057 |
165091