diff options
Diffstat (limited to 'meta/recipes-extended/unzip/unzip/CVE-2022-0530.patch')
-rw-r--r-- | meta/recipes-extended/unzip/unzip/CVE-2022-0530.patch | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/meta/recipes-extended/unzip/unzip/CVE-2022-0530.patch b/meta/recipes-extended/unzip/unzip/CVE-2022-0530.patch new file mode 100644 index 0000000000..363dafddc9 --- /dev/null +++ b/meta/recipes-extended/unzip/unzip/CVE-2022-0530.patch | |||
@@ -0,0 +1,33 @@ | |||
1 | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010355 | ||
2 | |||
3 | CVE: CVE-2022-0530 | ||
4 | Upstream-Status: Inactive-Upstream [need a new release] | ||
5 | |||
6 | diff --git a/fileio.c b/fileio.c | ||
7 | index 6290824..77e4b5f 100644 | ||
8 | --- a/fileio.c | ||
9 | +++ b/fileio.c | ||
10 | @@ -2361,6 +2361,9 @@ int do_string(__G__ length, option) /* return PK-type error code */ | ||
11 | /* convert UTF-8 to local character set */ | ||
12 | fn = utf8_to_local_string(G.unipath_filename, | ||
13 | G.unicode_escape_all); | ||
14 | + if (fn == NULL) | ||
15 | + return PK_ERR; | ||
16 | + | ||
17 | /* make sure filename is short enough */ | ||
18 | if (strlen(fn) >= FILNAMSIZ) { | ||
19 | fn[FILNAMSIZ - 1] = '\0'; | ||
20 | diff --git a/process.c b/process.c | ||
21 | index d2a846e..715bc0f 100644 | ||
22 | --- a/process.c | ||
23 | +++ b/process.c | ||
24 | @@ -2605,6 +2605,8 @@ char *utf8_to_local_string(utf8_string, escape_all) | ||
25 | int escape_all; | ||
26 | { | ||
27 | zwchar *wide = utf8_to_wide_string(utf8_string); | ||
28 | + if (wide == NULL) | ||
29 | + return NULL; | ||
30 | char *loc = wide_to_local_string(wide, escape_all); | ||
31 | free(wide); | ||
32 | return loc; | ||
33 | |||