Projects
Factory:RISC-V:Base
unzip
_service:tar_scm:unzip-6.0-cve-2018-1000035-hea...
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm:unzip-6.0-cve-2018-1000035-heap-based-overflow.patch of Package unzip
--- a/fileio.c 2014-12-05 05:06:05 -0600 +++ b/fileio.c 2017-11-14 01:06:28 -0600 @@ -1,5 +1,5 @@ /* - Copyright (c) 1990-2009 Info-ZIP. All rights reserved. + Copyright (c) 1990-2017 Info-ZIP. All rights reserved. See the accompanying file LICENSE, version 2009-Jan-02 or later (the contents of which are also included in unzip.h) for terms of use. @@ -1582,6 +1582,8 @@ int r = IZ_PW_ENTERED; char *m; char *prompt; + char *ep; + char *zp; #ifndef REENTRANT /* tell picky compilers to shut up about "unused variable" warnings */ @@ -1590,9 +1592,12 @@ if (*rcnt == 0) { /* First call for current entry */ *rcnt = 2; - if ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL) { - sprintf(prompt, LoadFarString(PasswPrompt), - FnFilter1(zfn), FnFilter2(efn)); + zp = FnFilter1( zfn); + ep = FnFilter2( efn); + prompt = (char *)malloc( /* Slightly too long (2* "%s"). */ + sizeof( PasswPrompt)+ strlen( zp)+ strlen( ep)); + if (prompt != (char *)NULL) { + sprintf(prompt, LoadFarString(PasswPrompt), zp, ep); m = prompt; } else m = (char *)LoadFarString(PasswPrompt2);
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2