unzip/CVE-2022-0530.patch

From 4d9e8cd35d59f05f75cb2d8f05c6e4c9277dcf9c Mon Sep 17 00:00:00 2001
From: Zhipeng Xie <xiezhipeng1@huawei.com>
Date: Tue, 22 Feb 2022 21:04:25 +0000
Subject: [PATCH 1/2] Fix CVE-2022-0530

Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com>
---
 fileio.c  | 20 +++++++++++++-------
 process.c |  2 ++
 2 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/fileio.c b/fileio.c
index cf995a9..e237272 100644
--- a/fileio.c
+++ b/fileio.c
@@ -2360,16 +2360,22 @@ int do_string(__G__ length, option)   /* return PK-type error code */
                   /* convert UTF-8 to local character set */
                   fn = utf8_to_local_string(G.unipath_filename,
                                             G.unicode_escape_all);
-                  /* make sure filename is short enough */
-                  if (strlen(fn) >= FILNAMSIZ) {
-                    fn[FILNAMSIZ - 1] = '\0';
+                  if (!fn) {
                     Info(slide, 0x401, ((char *)slide,
-                      LoadFarString(UFilenameTooLongTrunc)));
+                      LoadFarString( ExtraFieldCorrupt), EF_PKSZ64));
                     error = PK_WARN;
+                  } else {
+                    /* make sure filename is short enough */
+                    if (strlen(fn) >= FILNAMSIZ) {
+                      fn[FILNAMSIZ - 1] = '\0';
+                      Info(slide, 0x401, ((char *)slide,
+                        LoadFarString(UFilenameTooLongTrunc)));
+                      error = PK_WARN;
+                    }
+                    /* replace filename with converted UTF-8 */
+                    strcpy(G.filename, fn);
+                    free(fn);
                   }
-                  /* replace filename with converted UTF-8 */
-                  strcpy(G.filename, fn);
-                  free(fn);
                 }
 # endif /* UNICODE_WCHAR */
                 if (G.unipath_filename != G.filename_full)
diff --git a/process.c b/process.c
index 46abce2..5cba073 100644
--- a/process.c
+++ b/process.c
@@ -2597,6 +2597,8 @@ char *utf8_to_local_string(utf8_string, escape_all)
   int escape_all;
 {
   zwchar *wide = utf8_to_wide_string(utf8_string);
+  if (!wide)
+    return NULL;
   char *loc = wide_to_local_string(wide, escape_all);
   free(wide);
   return loc;
-- 
2.27.0
fix CVE-2022-0529 CVE-2022-0530 (cherry picked from commit 7969d7aebd2f776e9fd363539e19faa57def8d24) 2022-02-23 11:14:07 +08:00			`From 4d9e8cd35d59f05f75cb2d8f05c6e4c9277dcf9c Mon Sep 17 00:00:00 2001`
			`From: Zhipeng Xie <xiezhipeng1@huawei.com>`
			`Date: Tue, 22 Feb 2022 21:04:25 +0000`
			`Subject: [PATCH 1/2] Fix CVE-2022-0530`

			`Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com>`
			`---`
			`fileio.c \| 20 +++++++++++++-------`
			`process.c \| 2 ++`
			`2 files changed, 15 insertions(+), 7 deletions(-)`

			`diff --git a/fileio.c b/fileio.c`
			`index cf995a9..e237272 100644`
			`--- a/fileio.c`
			`+++ b/fileio.c`
			`@@ -2360,16 +2360,22 @@ int do_string(__G__ length, option) /* return PK-type error code */`
			`/* convert UTF-8 to local character set */`
			`fn = utf8_to_local_string(G.unipath_filename,`
			`G.unicode_escape_all);`
			`- /* make sure filename is short enough */`
			`- if (strlen(fn) >= FILNAMSIZ) {`
			`- fn[FILNAMSIZ - 1] = '\0';`
			`+ if (!fn) {`
			`Info(slide, 0x401, ((char *)slide,`
			`- LoadFarString(UFilenameTooLongTrunc)));`
			`+ LoadFarString( ExtraFieldCorrupt), EF_PKSZ64));`
			`error = PK_WARN;`
			`+ } else {`
			`+ /* make sure filename is short enough */`
			`+ if (strlen(fn) >= FILNAMSIZ) {`
			`+ fn[FILNAMSIZ - 1] = '\0';`
			`+ Info(slide, 0x401, ((char *)slide,`
			`+ LoadFarString(UFilenameTooLongTrunc)));`
			`+ error = PK_WARN;`
			`+ }`
			`+ /* replace filename with converted UTF-8 */`
			`+ strcpy(G.filename, fn);`
			`+ free(fn);`
			`}`
			`- /* replace filename with converted UTF-8 */`
			`- strcpy(G.filename, fn);`
			`- free(fn);`
			`}`
			`# endif /* UNICODE_WCHAR */`
			`if (G.unipath_filename != G.filename_full)`
			`diff --git a/process.c b/process.c`
			`index 46abce2..5cba073 100644`
			`--- a/process.c`
			`+++ b/process.c`
			`@@ -2597,6 +2597,8 @@ char *utf8_to_local_string(utf8_string, escape_all)`
			`int escape_all;`
			`{`
			`zwchar *wide = utf8_to_wide_string(utf8_string);`
			`+ if (!wide)`
			`+ return NULL;`
			`char *loc = wide_to_local_string(wide, escape_all);`
			`free(wide);`
			`return loc;`
			`--`
			`2.27.0`