zip/CVE-2018-13410.patch

From dd2a5c4be6a460636b415792f02e7c8ae62f524e Mon Sep 17 00:00:00 2001
From: Hector Chen <shine751105@gmail.com>
Date: Thu, 21 Feb 2019 09:32:33 +0800
Subject: [PATCH] Fix CVE-2018-13410

---
 zip.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/zip.c b/zip.c
index 439821f..f13e2a1 100644
--- a/zip.c
+++ b/zip.c
@@ -1437,7 +1437,7 @@ local void check_zipfile(zipname, zippath)
     /* Replace first {} with archive name.  If no {} append name to string. */
     here = strstr(unzip_path, "{}");
 
-    if ((cmd = malloc(strlen(unzip_path) + strlen(zipname) + 3)) == NULL) {
+    if ((cmd = malloc(strlen(unzip_path) + strlen(zipname) + 4)) == NULL) {
       ziperr(ZE_MEM, "building command string for testing archive");
     }
 
-- 
2.7.4
Package init 2019-09-30 11:20:45 -04:00			`From dd2a5c4be6a460636b415792f02e7c8ae62f524e Mon Sep 17 00:00:00 2001`
			`From: Hector Chen <shine751105@gmail.com>`
			`Date: Thu, 21 Feb 2019 09:32:33 +0800`
			`Subject: [PATCH] Fix CVE-2018-13410`

			`---`
			`zip.c \| 2 +-`
			`1 file changed, 1 insertion(+), 1 deletion(-)`

			`diff --git a/zip.c b/zip.c`
			`index 439821f..f13e2a1 100644`
			`--- a/zip.c`
			`+++ b/zip.c`
			`@@ -1437,7 +1437,7 @@ local void check_zipfile(zipname, zippath)`
			`/* Replace first {} with archive name. If no {} append name to string. */`
			`here = strstr(unzip_path, "{}");`

			`- if ((cmd = malloc(strlen(unzip_path) + strlen(zipname) + 3)) == NULL) {`
			`+ if ((cmd = malloc(strlen(unzip_path) + strlen(zipname) + 4)) == NULL) {`
			`ziperr(ZE_MEM, "building command string for testing archive");`
			`}`

			`--`
			`2.7.4`