!32 fix CVE-2021-4217

From: @dongyuzhen Reviewed-by: @lvying6 Signed-off-by: @lvying6
2022-09-06 06:33:02 +00:00 · 2022-09-06 06:33:02 +00:00 · 2541098351
commit 2541098351
parent 8ac840c494 883e9a1bd2
2 changed files with 44 additions and 1 deletions
--- a/backport-CVE-2021-4217.patch
+++ b/backport-CVE-2021-4217.patch
@ -0,0 +1,39 @@
+From 731d698377dbd1f5b1b90efeb8094602ed59fc40 Mon Sep 17 00:00:00 2001
+From: Nils Bars <nils.bars@t-online.de>
+Date: Mon, 17 Jan 2022 16:53:16 +0000
+Subject: [PATCH] Fix null pointer dereference and use of uninitialized data
+
+This fixes a bug that causes use of uninitialized heap data if `readbuf` fails
+to read as many bytes as indicated by the extra field length attribute.
+Furthermore, this fixes a null pointer dereference if an archive contains an
+`EF_UNIPATH` extra field but does not have a filename set.
+
+Reference:https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1957077
+Conflict: fileio.c file not change.
+---
+ process.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/process.c b/process.c
+index abe938b..f573ee4 100644
+--- a/process.c
+++ b/process.c
+@@ -2060,10 +2060,14 @@ int getUnicodeData(__G__ ef_buf, ef_len)
+           G.unipath_checksum = makelong(offset + ef_buf);
+           offset += 4;
+ 
+          if (!G.filename_full) {
+            /* Check if we have a unicode extra section but no filename set */
+            return PK_ERR;
+          }
+
+           /*
+            * Compute 32-bit crc
+            */
+-
+           chksum = crc32(chksum, (uch *)(G.filename_full),
+                          strlen(G.filename_full));
+ 
+-- 
+2.33.0
+
--- a/unzip.spec
+++ b/unzip.spec
@ -1,6 +1,6 @@
 Name:           unzip
 Version:        6.0
-Release:        49
+Release:        50
 Summary:        A utility for unpacking zip files
 License:        Info-ZIP,Public Domain
 URL:            http://www.info-zip.org/UnZip.html
@ -34,6 +34,7 @@ Patch6000:      CVE-2018-18384.patch
 Patch6001:      CVE-2019-13232-pre.patch
 Patch6002:      CVE-2019-13232.patch
 Patch6003:      CVE-2019-13232-fur1.patch
+Patch6004:      backport-CVE-2021-4217.patch
 Patch9000:      CVE-2019-13232-fur2.patch
 Patch9001:      CVE-2022-0530.patch
 Patch9002:      CVE-2022-0529.patch
@ -74,6 +75,9 @@ make check -f unix/Makefile
 %{_mandir}/man1/*

 %changelog
+* Tue Sep 6 2022 dongyuzhen <dongyuzhen@h-partners.com> - 6.0-50
+- fix CVE-2021-4217
+
 * Tue May 10 2022 shixuantong <shixuantong@h-partners.com> - 6.0-49
 - enable check test suite