diff options
author | Roy Li <rongqing.li@windriver.com> | 2015-04-29 08:53:35 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2015-06-28 09:44:07 +0100 |
commit | 08a09c34104eaf54cb46e48227f022e895d4e39a (patch) | |
tree | 0eb1d954e8e0cfd7717fa5b39b499487e4ba9b0f /meta | |
parent | d271a8e004fc29dba48c444157f7d1a9b59a105f (diff) | |
download | poky-08a09c34104eaf54cb46e48227f022e895d4e39a.tar.gz |
unzip: Security Advisory -CVE-2014-9636 and CVE-2015-1315
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9636
unzip 6.0 allows remote attackers to cause a denial of service
(out-of-bounds read or write and crash) via an extra field with
an uncompressed size smaller than the compressed field size in a
zip archive that advertises STORED method compression.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1315
Buffer overflow in the charset_to_intern function in unix/unix.c in
Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code
via a crafted string, as demonstrated by converting a string from CP866
to UTF-8.
(From OE-Core rev: f86a178fd7036541a45bf31a46bddf634c133802)
(From OE-Core rev: d868f9e8a6a5d4dc9c38e2881a329f7e3210eab8)
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
3 files changed, 451 insertions, 1 deletions
diff --git a/meta/recipes-extended/unzip/unzip/06-unzip60-alt-iconv-utf8_CVE-2015-1315.patch b/meta/recipes-extended/unzip/unzip/06-unzip60-alt-iconv-utf8_CVE-2015-1315.patch new file mode 100644 index 0000000000..9ba3c1dc62 --- /dev/null +++ b/meta/recipes-extended/unzip/unzip/06-unzip60-alt-iconv-utf8_CVE-2015-1315.patch | |||
@@ -0,0 +1,402 @@ | |||
1 | From: Giovanni Scafora <giovanni.archlinux.org> | ||
2 | Subject: unzip files encoded with non-latin, non-unicode file names | ||
3 | Last-Update: 2015-02-11 | ||
4 | |||
5 | Upstream-Status: Backport | ||
6 | |||
7 | Updated 2015-02-11 by Marc Deslauriers <marc.deslauriers@canonical.com> | ||
8 | to fix buffer overflow in charset_to_intern() | ||
9 | |||
10 | Signed-off-by: Marc Deslauriers <marc.deslauriers@canonical.com> | ||
11 | |||
12 | Index: unzip-6.0/unix/unix.c | ||
13 | =================================================================== | ||
14 | --- unzip-6.0.orig/unix/unix.c 2015-02-11 08:46:43.675324290 -0500 | ||
15 | +++ unzip-6.0/unix/unix.c 2015-02-11 09:18:04.902081319 -0500 | ||
16 | @@ -30,6 +30,9 @@ | ||
17 | #define UNZIP_INTERNAL | ||
18 | #include "unzip.h" | ||
19 | |||
20 | +#include <iconv.h> | ||
21 | +#include <langinfo.h> | ||
22 | + | ||
23 | #ifdef SCO_XENIX | ||
24 | # define SYSNDIR | ||
25 | #else /* SCO Unix, AIX, DNIX, TI SysV, Coherent 4.x, ... */ | ||
26 | @@ -1874,3 +1877,102 @@ | ||
27 | } | ||
28 | } | ||
29 | #endif /* QLZIP */ | ||
30 | + | ||
31 | + | ||
32 | +typedef struct { | ||
33 | + char *local_charset; | ||
34 | + char *archive_charset; | ||
35 | +} CHARSET_MAP; | ||
36 | + | ||
37 | +/* A mapping of local <-> archive charsets used by default to convert filenames | ||
38 | + * of DOS/Windows Zip archives. Currently very basic. */ | ||
39 | +static CHARSET_MAP dos_charset_map[] = { | ||
40 | + { "ANSI_X3.4-1968", "CP850" }, | ||
41 | + { "ISO-8859-1", "CP850" }, | ||
42 | + { "CP1252", "CP850" }, | ||
43 | + { "UTF-8", "CP866" }, | ||
44 | + { "KOI8-R", "CP866" }, | ||
45 | + { "KOI8-U", "CP866" }, | ||
46 | + { "ISO-8859-5", "CP866" } | ||
47 | +}; | ||
48 | + | ||
49 | +char OEM_CP[MAX_CP_NAME] = ""; | ||
50 | +char ISO_CP[MAX_CP_NAME] = ""; | ||
51 | + | ||
52 | +/* Try to guess the default value of OEM_CP based on the current locale. | ||
53 | + * ISO_CP is left alone for now. */ | ||
54 | +void init_conversion_charsets() | ||
55 | +{ | ||
56 | + const char *local_charset; | ||
57 | + int i; | ||
58 | + | ||
59 | + /* Make a guess only if OEM_CP not already set. */ | ||
60 | + if(*OEM_CP == '\0') { | ||
61 | + local_charset = nl_langinfo(CODESET); | ||
62 | + for(i = 0; i < sizeof(dos_charset_map)/sizeof(CHARSET_MAP); i++) | ||
63 | + if(!strcasecmp(local_charset, dos_charset_map[i].local_charset)) { | ||
64 | + strncpy(OEM_CP, dos_charset_map[i].archive_charset, | ||
65 | + sizeof(OEM_CP)); | ||
66 | + break; | ||
67 | + } | ||
68 | + } | ||
69 | +} | ||
70 | + | ||
71 | +/* Convert a string from one encoding to the current locale using iconv(). | ||
72 | + * Be as non-intrusive as possible. If error is encountered during covertion | ||
73 | + * just leave the string intact. */ | ||
74 | +static void charset_to_intern(char *string, char *from_charset) | ||
75 | +{ | ||
76 | + iconv_t cd; | ||
77 | + char *s,*d, *buf; | ||
78 | + size_t slen, dlen, buflen; | ||
79 | + const char *local_charset; | ||
80 | + | ||
81 | + if(*from_charset == '\0') | ||
82 | + return; | ||
83 | + | ||
84 | + buf = NULL; | ||
85 | + local_charset = nl_langinfo(CODESET); | ||
86 | + | ||
87 | + if((cd = iconv_open(local_charset, from_charset)) == (iconv_t)-1) | ||
88 | + return; | ||
89 | + | ||
90 | + slen = strlen(string); | ||
91 | + s = string; | ||
92 | + | ||
93 | + /* Make sure OUTBUFSIZ + 1 never ends up smaller than FILNAMSIZ | ||
94 | + * as this function also gets called with G.outbuf in fileio.c | ||
95 | + */ | ||
96 | + buflen = FILNAMSIZ; | ||
97 | + if (OUTBUFSIZ + 1 < FILNAMSIZ) | ||
98 | + { | ||
99 | + buflen = OUTBUFSIZ + 1; | ||
100 | + } | ||
101 | + | ||
102 | + d = buf = malloc(buflen); | ||
103 | + if(!d) | ||
104 | + goto cleanup; | ||
105 | + | ||
106 | + bzero(buf,buflen); | ||
107 | + dlen = buflen - 1; | ||
108 | + | ||
109 | + if(iconv(cd, &s, &slen, &d, &dlen) == (size_t)-1) | ||
110 | + goto cleanup; | ||
111 | + strncpy(string, buf, buflen); | ||
112 | + | ||
113 | + cleanup: | ||
114 | + free(buf); | ||
115 | + iconv_close(cd); | ||
116 | +} | ||
117 | + | ||
118 | +/* Convert a string from OEM_CP to the current locale charset. */ | ||
119 | +inline void oem_intern(char *string) | ||
120 | +{ | ||
121 | + charset_to_intern(string, OEM_CP); | ||
122 | +} | ||
123 | + | ||
124 | +/* Convert a string from ISO_CP to the current locale charset. */ | ||
125 | +inline void iso_intern(char *string) | ||
126 | +{ | ||
127 | + charset_to_intern(string, ISO_CP); | ||
128 | +} | ||
129 | Index: unzip-6.0/unix/unxcfg.h | ||
130 | =================================================================== | ||
131 | --- unzip-6.0.orig/unix/unxcfg.h 2015-02-11 08:46:43.675324290 -0500 | ||
132 | +++ unzip-6.0/unix/unxcfg.h 2015-02-11 08:46:43.671324260 -0500 | ||
133 | @@ -228,4 +228,30 @@ | ||
134 | /* wild_dir, dirname, wildname, matchname[], dirnamelen, have_dirname, */ | ||
135 | /* and notfirstcall are used by do_wild(). */ | ||
136 | |||
137 | + | ||
138 | +#define MAX_CP_NAME 25 | ||
139 | + | ||
140 | +#ifdef SETLOCALE | ||
141 | +# undef SETLOCALE | ||
142 | +#endif | ||
143 | +#define SETLOCALE(category, locale) setlocale(category, locale) | ||
144 | +#include <locale.h> | ||
145 | + | ||
146 | +#ifdef _ISO_INTERN | ||
147 | +# undef _ISO_INTERN | ||
148 | +#endif | ||
149 | +#define _ISO_INTERN(str1) iso_intern(str1) | ||
150 | + | ||
151 | +#ifdef _OEM_INTERN | ||
152 | +# undef _OEM_INTERN | ||
153 | +#endif | ||
154 | +#ifndef IZ_OEM2ISO_ARRAY | ||
155 | +# define IZ_OEM2ISO_ARRAY | ||
156 | +#endif | ||
157 | +#define _OEM_INTERN(str1) oem_intern(str1) | ||
158 | + | ||
159 | +void iso_intern(char *); | ||
160 | +void oem_intern(char *); | ||
161 | +void init_conversion_charsets(void); | ||
162 | + | ||
163 | #endif /* !__unxcfg_h */ | ||
164 | Index: unzip-6.0/unzip.c | ||
165 | =================================================================== | ||
166 | --- unzip-6.0.orig/unzip.c 2015-02-11 08:46:43.675324290 -0500 | ||
167 | +++ unzip-6.0/unzip.c 2015-02-11 08:46:43.675324290 -0500 | ||
168 | @@ -327,11 +327,21 @@ | ||
169 | -2 just filenames but allow -h/-t/-z -l long Unix \"ls -l\" format\n\ | ||
170 | -v verbose, multi-page format\n"; | ||
171 | |||
172 | +#ifndef UNIX | ||
173 | static ZCONST char Far ZipInfoUsageLine3[] = "miscellaneous options:\n\ | ||
174 | -h print header line -t print totals for listed files or for all\n\ | ||
175 | -z print zipfile comment -T print file times in sortable decimal format\ | ||
176 | \n -C be case-insensitive %s\ | ||
177 | -x exclude filenames that follow from listing\n"; | ||
178 | +#else /* UNIX */ | ||
179 | +static ZCONST char Far ZipInfoUsageLine3[] = "miscellaneous options:\n\ | ||
180 | + -h print header line -t print totals for listed files or for all\n\ | ||
181 | + -z print zipfile comment %c-T%c print file times in sortable decimal format\ | ||
182 | +\n %c-C%c be case-insensitive %s\ | ||
183 | + -x exclude filenames that follow from listing\n\ | ||
184 | + -O CHARSET specify a character encoding for DOS, Windows and OS/2 archives\n\ | ||
185 | + -I CHARSET specify a character encoding for UNIX and other archives\n"; | ||
186 | +#endif /* !UNIX */ | ||
187 | #ifdef MORE | ||
188 | static ZCONST char Far ZipInfoUsageLine4[] = | ||
189 | " -M page output through built-in \"more\"\n"; | ||
190 | @@ -664,6 +674,17 @@ | ||
191 | -U use escapes for all non-ASCII Unicode -UU ignore any Unicode fields\n\ | ||
192 | -C match filenames case-insensitively -L make (some) names \ | ||
193 | lowercase\n %-42s -V retain VMS version numbers\n%s"; | ||
194 | +#elif (defined UNIX) | ||
195 | +static ZCONST char Far UnzipUsageLine4[] = "\ | ||
196 | +modifiers:\n\ | ||
197 | + -n never overwrite existing files -q quiet mode (-qq => quieter)\n\ | ||
198 | + -o overwrite files WITHOUT prompting -a auto-convert any text files\n\ | ||
199 | + -j junk paths (do not make directories) -aa treat ALL files as text\n\ | ||
200 | + -U use escapes for all non-ASCII Unicode -UU ignore any Unicode fields\n\ | ||
201 | + -C match filenames case-insensitively -L make (some) names \ | ||
202 | +lowercase\n %-42s -V retain VMS version numbers\n%s\ | ||
203 | + -O CHARSET specify a character encoding for DOS, Windows and OS/2 archives\n\ | ||
204 | + -I CHARSET specify a character encoding for UNIX and other archives\n\n"; | ||
205 | #else /* !VMS */ | ||
206 | static ZCONST char Far UnzipUsageLine4[] = "\ | ||
207 | modifiers:\n\ | ||
208 | @@ -802,6 +823,10 @@ | ||
209 | #endif /* UNICODE_SUPPORT */ | ||
210 | |||
211 | |||
212 | +#ifdef UNIX | ||
213 | + init_conversion_charsets(); | ||
214 | +#endif | ||
215 | + | ||
216 | #if (defined(__IBMC__) && defined(__DEBUG_ALLOC__)) | ||
217 | extern void DebugMalloc(void); | ||
218 | |||
219 | @@ -1335,6 +1360,11 @@ | ||
220 | argc = *pargc; | ||
221 | argv = *pargv; | ||
222 | |||
223 | +#ifdef UNIX | ||
224 | + extern char OEM_CP[MAX_CP_NAME]; | ||
225 | + extern char ISO_CP[MAX_CP_NAME]; | ||
226 | +#endif | ||
227 | + | ||
228 | while (++argv, (--argc > 0 && *argv != NULL && **argv == '-')) { | ||
229 | s = *argv + 1; | ||
230 | while ((c = *s++) != 0) { /* "!= 0": prevent Turbo C warning */ | ||
231 | @@ -1516,6 +1546,35 @@ | ||
232 | } | ||
233 | break; | ||
234 | #endif /* MACOS */ | ||
235 | +#ifdef UNIX | ||
236 | + case ('I'): | ||
237 | + if (negative) { | ||
238 | + Info(slide, 0x401, ((char *)slide, | ||
239 | + "error: encodings can't be negated")); | ||
240 | + return(PK_PARAM); | ||
241 | + } else { | ||
242 | + if(*s) { /* Handle the -Icharset case */ | ||
243 | + /* Assume that charsets can't start with a dash to spot arguments misuse */ | ||
244 | + if(*s == '-') { | ||
245 | + Info(slide, 0x401, ((char *)slide, | ||
246 | + "error: a valid character encoding should follow the -I argument")); | ||
247 | + return(PK_PARAM); | ||
248 | + } | ||
249 | + strncpy(ISO_CP, s, sizeof(ISO_CP)); | ||
250 | + } else { /* -I charset */ | ||
251 | + ++argv; | ||
252 | + if(!(--argc > 0 && *argv != NULL && **argv != '-')) { | ||
253 | + Info(slide, 0x401, ((char *)slide, | ||
254 | + "error: a valid character encoding should follow the -I argument")); | ||
255 | + return(PK_PARAM); | ||
256 | + } | ||
257 | + s = *argv; | ||
258 | + strncpy(ISO_CP, s, sizeof(ISO_CP)); | ||
259 | + } | ||
260 | + while(*(++s)); /* No params straight after charset name */ | ||
261 | + } | ||
262 | + break; | ||
263 | +#endif /* ?UNIX */ | ||
264 | case ('j'): /* junk pathnames/directory structure */ | ||
265 | if (negative) | ||
266 | uO.jflag = FALSE, negative = 0; | ||
267 | @@ -1591,6 +1650,35 @@ | ||
268 | } else | ||
269 | ++uO.overwrite_all; | ||
270 | break; | ||
271 | +#ifdef UNIX | ||
272 | + case ('O'): | ||
273 | + if (negative) { | ||
274 | + Info(slide, 0x401, ((char *)slide, | ||
275 | + "error: encodings can't be negated")); | ||
276 | + return(PK_PARAM); | ||
277 | + } else { | ||
278 | + if(*s) { /* Handle the -Ocharset case */ | ||
279 | + /* Assume that charsets can't start with a dash to spot arguments misuse */ | ||
280 | + if(*s == '-') { | ||
281 | + Info(slide, 0x401, ((char *)slide, | ||
282 | + "error: a valid character encoding should follow the -I argument")); | ||
283 | + return(PK_PARAM); | ||
284 | + } | ||
285 | + strncpy(OEM_CP, s, sizeof(OEM_CP)); | ||
286 | + } else { /* -O charset */ | ||
287 | + ++argv; | ||
288 | + if(!(--argc > 0 && *argv != NULL && **argv != '-')) { | ||
289 | + Info(slide, 0x401, ((char *)slide, | ||
290 | + "error: a valid character encoding should follow the -O argument")); | ||
291 | + return(PK_PARAM); | ||
292 | + } | ||
293 | + s = *argv; | ||
294 | + strncpy(OEM_CP, s, sizeof(OEM_CP)); | ||
295 | + } | ||
296 | + while(*(++s)); /* No params straight after charset name */ | ||
297 | + } | ||
298 | + break; | ||
299 | +#endif /* ?UNIX */ | ||
300 | case ('p'): /* pipes: extract to stdout, no messages */ | ||
301 | if (negative) { | ||
302 | uO.cflag = FALSE; | ||
303 | Index: unzip-6.0/unzpriv.h | ||
304 | =================================================================== | ||
305 | --- unzip-6.0.orig/unzpriv.h 2015-02-11 08:46:43.675324290 -0500 | ||
306 | +++ unzip-6.0/unzpriv.h 2015-02-11 08:46:43.675324290 -0500 | ||
307 | @@ -3008,7 +3008,7 @@ | ||
308 | !(((islochdr) || (isuxatt)) && \ | ||
309 | ((hostver) == 25 || (hostver) == 26 || (hostver) == 40))) || \ | ||
310 | (hostnum) == FS_HPFS_ || \ | ||
311 | - ((hostnum) == FS_NTFS_ && (hostver) == 50)) { \ | ||
312 | + ((hostnum) == FS_NTFS_ /* && (hostver) == 50 */ )) { \ | ||
313 | _OEM_INTERN((string)); \ | ||
314 | } else { \ | ||
315 | _ISO_INTERN((string)); \ | ||
316 | Index: unzip-6.0/zipinfo.c | ||
317 | =================================================================== | ||
318 | --- unzip-6.0.orig/zipinfo.c 2015-02-11 08:46:43.675324290 -0500 | ||
319 | +++ unzip-6.0/zipinfo.c 2015-02-11 08:46:43.675324290 -0500 | ||
320 | @@ -457,6 +457,10 @@ | ||
321 | int tflag_slm=TRUE, tflag_2v=FALSE; | ||
322 | int explicit_h=FALSE, explicit_t=FALSE; | ||
323 | |||
324 | +#ifdef UNIX | ||
325 | + extern char OEM_CP[MAX_CP_NAME]; | ||
326 | + extern char ISO_CP[MAX_CP_NAME]; | ||
327 | +#endif | ||
328 | |||
329 | #ifdef MACOS | ||
330 | uO.lflag = LFLAG; /* reset default on each call */ | ||
331 | @@ -501,6 +505,35 @@ | ||
332 | uO.lflag = 0; | ||
333 | } | ||
334 | break; | ||
335 | +#ifdef UNIX | ||
336 | + case ('I'): | ||
337 | + if (negative) { | ||
338 | + Info(slide, 0x401, ((char *)slide, | ||
339 | + "error: encodings can't be negated")); | ||
340 | + return(PK_PARAM); | ||
341 | + } else { | ||
342 | + if(*s) { /* Handle the -Icharset case */ | ||
343 | + /* Assume that charsets can't start with a dash to spot arguments misuse */ | ||
344 | + if(*s == '-') { | ||
345 | + Info(slide, 0x401, ((char *)slide, | ||
346 | + "error: a valid character encoding should follow the -I argument")); | ||
347 | + return(PK_PARAM); | ||
348 | + } | ||
349 | + strncpy(ISO_CP, s, sizeof(ISO_CP)); | ||
350 | + } else { /* -I charset */ | ||
351 | + ++argv; | ||
352 | + if(!(--argc > 0 && *argv != NULL && **argv != '-')) { | ||
353 | + Info(slide, 0x401, ((char *)slide, | ||
354 | + "error: a valid character encoding should follow the -I argument")); | ||
355 | + return(PK_PARAM); | ||
356 | + } | ||
357 | + s = *argv; | ||
358 | + strncpy(ISO_CP, s, sizeof(ISO_CP)); | ||
359 | + } | ||
360 | + while(*(++s)); /* No params straight after charset name */ | ||
361 | + } | ||
362 | + break; | ||
363 | +#endif /* ?UNIX */ | ||
364 | case 'l': /* longer form of "ls -l" type listing */ | ||
365 | if (negative) | ||
366 | uO.lflag = -2, negative = 0; | ||
367 | @@ -521,6 +554,35 @@ | ||
368 | G.M_flag = TRUE; | ||
369 | break; | ||
370 | #endif | ||
371 | +#ifdef UNIX | ||
372 | + case ('O'): | ||
373 | + if (negative) { | ||
374 | + Info(slide, 0x401, ((char *)slide, | ||
375 | + "error: encodings can't be negated")); | ||
376 | + return(PK_PARAM); | ||
377 | + } else { | ||
378 | + if(*s) { /* Handle the -Ocharset case */ | ||
379 | + /* Assume that charsets can't start with a dash to spot arguments misuse */ | ||
380 | + if(*s == '-') { | ||
381 | + Info(slide, 0x401, ((char *)slide, | ||
382 | + "error: a valid character encoding should follow the -I argument")); | ||
383 | + return(PK_PARAM); | ||
384 | + } | ||
385 | + strncpy(OEM_CP, s, sizeof(OEM_CP)); | ||
386 | + } else { /* -O charset */ | ||
387 | + ++argv; | ||
388 | + if(!(--argc > 0 && *argv != NULL && **argv != '-')) { | ||
389 | + Info(slide, 0x401, ((char *)slide, | ||
390 | + "error: a valid character encoding should follow the -O argument")); | ||
391 | + return(PK_PARAM); | ||
392 | + } | ||
393 | + s = *argv; | ||
394 | + strncpy(OEM_CP, s, sizeof(OEM_CP)); | ||
395 | + } | ||
396 | + while(*(++s)); /* No params straight after charset name */ | ||
397 | + } | ||
398 | + break; | ||
399 | +#endif /* ?UNIX */ | ||
400 | case 's': /* default: shorter "ls -l" type listing */ | ||
401 | if (negative) | ||
402 | uO.lflag = -2, negative = 0; | ||
diff --git a/meta/recipes-extended/unzip/unzip/unzip-6.0_overflow3.diff b/meta/recipes-extended/unzip/unzip/unzip-6.0_overflow3.diff new file mode 100644 index 0000000000..0a0bfbbb17 --- /dev/null +++ b/meta/recipes-extended/unzip/unzip/unzip-6.0_overflow3.diff | |||
@@ -0,0 +1,45 @@ | |||
1 | From 190040ebfcf5395a6ccedede2cc9343d34f0a108 Mon Sep 17 00:00:00 2001 | ||
2 | From: mancha <mancha1 AT zoho DOT com> | ||
3 | Date: Wed, 11 Feb 2015 | ||
4 | Subject: Info-ZIP UnZip buffer overflow | ||
5 | |||
6 | Upstream-Status: Backport | ||
7 | |||
8 | By carefully crafting a corrupt ZIP archive with "extra fields" that | ||
9 | purport to have compressed blocks larger than the corresponding | ||
10 | uncompressed blocks in STORED no-compression mode, an attacker can | ||
11 | trigger a heap overflow that can result in application crash or | ||
12 | possibly have other unspecified impact. | ||
13 | |||
14 | This patch ensures that when extra fields use STORED mode, the | ||
15 | "compressed" and uncompressed block sizes match. | ||
16 | |||
17 | Signed-off-by: mancha <mancha1 AT zoho DOT com> | ||
18 | --- | ||
19 | extract.c | 8 ++++++++ | ||
20 | 1 file changed, 8 insertions(+) | ||
21 | |||
22 | --- a/extract.c | ||
23 | +++ b/extract.c | ||
24 | @@ -2217,6 +2217,7 @@ static int test_compr_eb(__G__ eb, eb_si | ||
25 | ulg eb_ucsize; | ||
26 | uch *eb_ucptr; | ||
27 | int r; | ||
28 | + ush method; | ||
29 | |||
30 | if (compr_offset < 4) /* field is not compressed: */ | ||
31 | return PK_OK; /* do nothing and signal OK */ | ||
32 | @@ -2226,6 +2227,13 @@ static int test_compr_eb(__G__ eb, eb_si | ||
33 | eb_size <= (compr_offset + EB_CMPRHEADLEN))) | ||
34 | return IZ_EF_TRUNC; /* no compressed data! */ | ||
35 | |||
36 | + method = makeword(eb + (EB_HEADSIZE + compr_offset)); | ||
37 | + if ((method == STORED) && | ||
38 | + (eb_size - compr_offset - EB_CMPRHEADLEN != eb_ucsize)) | ||
39 | + return PK_ERR; /* compressed & uncompressed | ||
40 | + * should match in STORED | ||
41 | + * method */ | ||
42 | + | ||
43 | if ( | ||
44 | #ifdef INT_16BIT | ||
45 | (((ulg)(extent)eb_ucsize) != eb_ucsize) || | ||
diff --git a/meta/recipes-extended/unzip/unzip_6.0.bb b/meta/recipes-extended/unzip/unzip_6.0.bb index e203c069f4..5060d35546 100644 --- a/meta/recipes-extended/unzip/unzip_6.0.bb +++ b/meta/recipes-extended/unzip/unzip_6.0.bb | |||
@@ -8,7 +8,10 @@ PR = "r5" | |||
8 | 8 | ||
9 | SRC_URI = "ftp://ftp.info-zip.org/pub/infozip/src/unzip60.tgz \ | 9 | SRC_URI = "ftp://ftp.info-zip.org/pub/infozip/src/unzip60.tgz \ |
10 | file://avoid-strip.patch \ | 10 | file://avoid-strip.patch \ |
11 | file://define-ldflags.patch" | 11 | file://define-ldflags.patch \ |
12 | file://06-unzip60-alt-iconv-utf8_CVE-2015-1315.patch \ | ||
13 | file://unzip-6.0_overflow3.diff \ | ||
14 | " | ||
12 | 15 | ||
13 | SRC_URI[md5sum] = "62b490407489521db863b523a7f86375" | 16 | SRC_URI[md5sum] = "62b490407489521db863b523a7f86375" |
14 | SRC_URI[sha256sum] = "036d96991646d0449ed0aa952e4fbe21b476ce994abc276e49d30e686708bd37" | 17 | SRC_URI[sha256sum] = "036d96991646d0449ed0aa952e4fbe21b476ce994abc276e49d30e686708bd37" |