unzip: fix for CVE-2018-18384

(From OE-Core rev: 2ddb3b25ed063b47d3fe2b3e9e17b7f9d0e2a7e5) Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Changqing Li <changqing.li@windriver.com> 2018-11-02 14:08:57 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-11-07 23:08:54 +0000
commit: 886922a0b3636c5809b526afb5496679c1196f4d (patch)
tree: a37e72d9ee63b0bad5841c2068cf81b6f1d0360d /meta/recipes-extended/unzip
parent: cae6e5dc833e4726610c86d4ca8b26e97b54f14c (diff)
download: poky-886922a0b3636c5809b526afb5496679c1196f4d.tar.gz
1 files changed, 39 insertions, 0 deletions
diff --git a/meta/recipes-extended/unzip/unzip/CVE-2018-18384.patch b/meta/recipes-extended/unzip/unzip/CVE-2018-18384.patch
new file mode 100644
index 0000000000..cc9e2c1ea1
--- /dev/null
+++ b/meta/recipes-extended/unzip/unzip/CVE-2018-18384.patch
@@ -0,0 +1,39 @@
+Upstream-Status: Backport [https://sourceforge.net/p/infozip/bugs/53/]
+CVE: CVE-2018-18384
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+--- unzip60/list.c      
+++ unzip60/list.c      
+@@ -97,7 +97,7 @@ int list_files(__G)    /* return PK-type
+ {
+     int do_this_file=FALSE, cfactor, error, error_in_archive=PK_COOL;
+ #ifndef WINDLL
+-    char sgn, cfactorstr[10];
+    char sgn, cfactorstr[1+10+1+1];    /* <sgn><int>%NUL */
+     int longhdr=(uO.vflag>1);
+ #endif
+     int date_format;
+@@ -389,9 +389,9 @@ int list_files(__G)    /* return PK-type
+             }
+ #else /* !WINDLL */
+             if (cfactor == 100)
+-                sprintf(cfactorstr, LoadFarString(CompFactor100));
+                snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactor100));
+             else
+-                sprintf(cfactorstr, LoadFarString(CompFactorStr), sgn, cfactor);
+                snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactorStr), sgn, cfactor);
+             if (longhdr)
+                 Info(slide, 0, ((char *)slide, LoadFarString(LongHdrStats),
+                   FmZofft(G.crec.ucsize, "8", "u"), methbuf,
+@@ -471,9 +471,9 @@ int list_files(__G)    /* return PK-type
+ 
+ #else /* !WINDLL */
+         if (cfactor == 100)
+-            sprintf(cfactorstr, LoadFarString(CompFactor100));
+            snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactor100));
+         else
+-            sprintf(cfactorstr, LoadFarString(CompFactorStr), sgn, cfactor);
+            snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactorStr), sgn, cfactor);
+         if (longhdr) {
+             Info(slide, 0, ((char *)slide, LoadFarString(LongFileTrailer),
+               FmZofft(tot_ucsize, "8", "u"), FmZofft(tot_csize, "8", "u"),
author	Changqing Li <changqing.li@windriver.com>	2018-11-02 14:08:57 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2018-11-07 23:08:54 +0000
commit	886922a0b3636c5809b526afb5496679c1196f4d (patch)
tree	a37e72d9ee63b0bad5841c2068cf81b6f1d0360d /meta/recipes-extended/unzip
parent	cae6e5dc833e4726610c86d4ca8b26e97b54f14c (diff)
download	poky-886922a0b3636c5809b526afb5496679c1196f4d.tar.gz

diff --git a/meta/recipes-extended/unzip/unzip/CVE-2018-18384.patch b/meta/recipes-extended/unzip/unzip/CVE-2018-18384.patch new file mode 100644 index 0000000000..cc9e2c1ea1 --- /dev/null +++ b/meta/recipes-extended/unzip/unzip/CVE-2018-18384.patch
@@ -0,0 +1,39 @@
	1	Upstream-Status: Backport [https://sourceforge.net/p/infozip/bugs/53/]
	2	CVE: CVE-2018-18384
	3	Signed-off-by: Changqing Li <changqing.li@windriver.com>
	4
	5	--- unzip60/list.c
	6	+++ unzip60/list.c
	7	@@ -97,7 +97,7 @@ int list_files(__G) /* return PK-type
	8	{
	9	int do_this_file=FALSE, cfactor, error, error_in_archive=PK_COOL;
	10	#ifndef WINDLL
	11	- char sgn, cfactorstr[10];
	12	+ char sgn, cfactorstr[1+10+1+1]; /* <sgn><int>%NUL */
	13	int longhdr=(uO.vflag>1);
	14	#endif
	15	int date_format;
	16	@@ -389,9 +389,9 @@ int list_files(__G) /* return PK-type
	17	}
	18	#else /* !WINDLL */
	19	if (cfactor == 100)
	20	- sprintf(cfactorstr, LoadFarString(CompFactor100));
	21	+ snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactor100));
	22	else
	23	- sprintf(cfactorstr, LoadFarString(CompFactorStr), sgn, cfactor);
	24	+ snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactorStr), sgn, cfactor);
	25	if (longhdr)
	26	Info(slide, 0, ((char *)slide, LoadFarString(LongHdrStats),
	27	FmZofft(G.crec.ucsize, "8", "u"), methbuf,
	28	@@ -471,9 +471,9 @@ int list_files(__G) /* return PK-type
	29
	30	#else /* !WINDLL */
	31	if (cfactor == 100)
	32	- sprintf(cfactorstr, LoadFarString(CompFactor100));
	33	+ snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactor100));
	34	else
	35	- sprintf(cfactorstr, LoadFarString(CompFactorStr), sgn, cfactor);
	36	+ snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactorStr), sgn, cfactor);
	37	if (longhdr) {
	38	Info(slide, 0, ((char *)slide, LoadFarString(LongFileTrailer),
	39	FmZofft(tot_ucsize, "8", "u"), FmZofft(tot_csize, "8", "u"),