25 lines
763 B
Diff
25 lines
763 B
Diff
From dd2a5c4be6a460636b415792f02e7c8ae62f524e Mon Sep 17 00:00:00 2001
|
|
From: Hector Chen <shine751105@gmail.com>
|
|
Date: Thu, 21 Feb 2019 09:32:33 +0800
|
|
Subject: [PATCH] Fix CVE-2018-13410
|
|
|
|
---
|
|
zip.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/zip.c b/zip.c
|
|
index 439821f..f13e2a1 100644
|
|
--- a/zip.c
|
|
+++ b/zip.c
|
|
@@ -1437,7 +1437,7 @@ local void check_zipfile(zipname, zippath)
|
|
/* Replace first {} with archive name. If no {} append name to string. */
|
|
here = strstr(unzip_path, "{}");
|
|
|
|
- if ((cmd = malloc(strlen(unzip_path) + strlen(zipname) + 3)) == NULL) {
|
|
+ if ((cmd = malloc(strlen(unzip_path) + strlen(zipname) + 4)) == NULL) {
|
|
ziperr(ZE_MEM, "building command string for testing archive");
|
|
}
|
|
|
|
--
|
|
2.7.4
|