40 lines
1.3 KiB
Diff
40 lines
1.3 KiB
Diff
From 731d698377dbd1f5b1b90efeb8094602ed59fc40 Mon Sep 17 00:00:00 2001
|
|
From: Nils Bars <nils.bars@t-online.de>
|
|
Date: Mon, 17 Jan 2022 16:53:16 +0000
|
|
Subject: [PATCH] Fix null pointer dereference and use of uninitialized data
|
|
|
|
This fixes a bug that causes use of uninitialized heap data if `readbuf` fails
|
|
to read as many bytes as indicated by the extra field length attribute.
|
|
Furthermore, this fixes a null pointer dereference if an archive contains an
|
|
`EF_UNIPATH` extra field but does not have a filename set.
|
|
|
|
Reference:https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1957077
|
|
Conflict: fileio.c file not change.
|
|
---
|
|
process.c | 6 +++++-
|
|
1 file changed, 5 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/process.c b/process.c
|
|
index abe938b..f573ee4 100644
|
|
--- a/process.c
|
|
+++ b/process.c
|
|
@@ -2060,10 +2060,14 @@ int getUnicodeData(__G__ ef_buf, ef_len)
|
|
G.unipath_checksum = makelong(offset + ef_buf);
|
|
offset += 4;
|
|
|
|
+ if (!G.filename_full) {
|
|
+ /* Check if we have a unicode extra section but no filename set */
|
|
+ return PK_ERR;
|
|
+ }
|
|
+
|
|
/*
|
|
* Compute 32-bit crc
|
|
*/
|
|
-
|
|
chksum = crc32(chksum, (uch *)(G.filename_full),
|
|
strlen(G.filename_full));
|
|
|
|
--
|
|
2.33.0
|
|
|