-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
7b6e592
commit e33587b
Showing
3 changed files
with
58 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,3 +1,13 @@ | ||
| unzip (6.0.1-deepin2) unstable; urgency=medium | ||
|
|
||
| [ Marc Deslauriers ] | ||
| * SECURITY UPDATE: Null pointer dereference in unzip (LP: #1957077) | ||
| - debian/patches/CVE-2021-4217.patch: Fix null pointer dereference and | ||
| use of uninitialized data. | ||
| - CVE-2021-4217 | ||
|
|
||
| -- Tianyu Chen <[email protected]> Wed, 25 Dec 2024 15:49:03 +0800 | ||
|
|
||
| unzip (6.0.1-deepin1) unstable; urgency=medium | ||
|
|
||
| * Update to 6.0-28. | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,47 @@ | ||
| From 731d698377dbd1f5b1b90efeb8094602ed59fc40 Mon Sep 17 00:00:00 2001 | ||
| From: Nils Bars <[email protected]> | ||
| Date: Mon, 17 Jan 2022 16:53:16 +0000 | ||
| Subject: [PATCH] Fix null pointer dereference and use of uninitialized data | ||
|
|
||
| This fixes a bug that causes use of uninitialized heap data if `readbuf` fails | ||
| to read as many bytes as indicated by the extra field length attribute. | ||
| Furthermore, this fixes a null pointer dereference if an archive contains an | ||
| `EF_UNIPATH` extra field but does not have a filename set. | ||
| --- | ||
| fileio.c | 5 ++++- | ||
| process.c | 6 +++++- | ||
| 2 files changed, 9 insertions(+), 2 deletions(-) | ||
|
|
||
| --- a/fileio.c | ||
| +++ b/fileio.c | ||
| @@ -2322,8 +2322,11 @@ int do_string(__G__ length, option) /* | ||
| seek_zipf(__G__ G.cur_zipfile_bufstart - G.extra_bytes + | ||
| (G.inptr-G.inbuf) + length); | ||
| } else { | ||
| - if (readbuf(__G__ (char *)G.extra_field, length) == 0) | ||
| + unsigned bytes_read = readbuf(__G__ (char *)G.extra_field, length); | ||
| + if (bytes_read == 0) | ||
| return PK_EOF; | ||
| + if (bytes_read != length) | ||
| + return PK_ERR; | ||
| /* Looks like here is where extra fields are read */ | ||
| if (getZip64Data(__G__ G.extra_field, length) != PK_COOL) | ||
| { | ||
| --- a/process.c | ||
| +++ b/process.c | ||
| @@ -2067,10 +2067,14 @@ int getUnicodeData(__G__ ef_buf, ef_len) | ||
| G.unipath_checksum = makelong(offset + ef_buf); | ||
| offset += 4; | ||
|
|
||
| + if (!G.filename_full) { | ||
| + /* Check if we have a unicode extra section but no filename set */ | ||
| + return PK_ERR; | ||
| + } | ||
| + | ||
| /* | ||
| * Compute 32-bit crc | ||
| */ | ||
| - | ||
| chksum = crc32(chksum, (uch *)(G.filename_full), | ||
| strlen(G.filename_full)); | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters