File _service:tar_scm:backport-CVE-2023-45853.patch of Package zlib
From 73331a6a0481067628f065ffe87bb1d8f787d10c Mon Sep 17 00:00:00 2001 From: Hans Wennborg <hans@chromium.org> Date: Fri, 18 Aug 2023 11:05:33 +0200 Subject: [PATCH] Reject overflows of zip header fields in minizip. This checks the lengths of the file name, extra field, and comment that would be put in the zip headers, and rejects them if they are too long. They are each limited to 65535 bytes in length by the zip format. This also avoids possible buffer overflows if the provided fields are too long. --- contrib/minizip/zip.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/contrib/minizip/zip.c b/contrib/minizip/zip.c index 3d3d4ca..0446109 100644 --- a/contrib/minizip/zip.c +++ b/contrib/minizip/zip.c @@ -1043,6 +1043,17 @@ extern int ZEXPORT zipOpenNewFileInZip4_64(zipFile file, const char* filename, c return ZIP_PARAMERROR; #endif + // The filename and comment length must fit in 16 bits. + if ((filename!=NULL) && (strlen(filename)>0xffff)) + return ZIP_PARAMERROR; + if ((comment!=NULL) && (strlen(comment)>0xffff)) + return ZIP_PARAMERROR; + // The extra field length must fit in 16 bits. If the member also requires + // a Zip64 extra block, that will also need to fit within that 16-bit + // length, but that will be checked for later. + if ((size_extrafield_local>0xffff) || (size_extrafield_global>0xffff)) + return ZIP_PARAMERROR; + zi = (zip64_internal*)file; if (zi->in_opened_file_inzip == 1) -- 2.41.0.windows.3
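Review bot: The comment above the extra-field check says a Zip64 extra block must also fit within the same 16-bit length and "will be checked for later", but this hunk, the patch's only change, adds no such check. Before accepting the backport, confirm that the target tree already rejects the case where size_extrafield_local or size_extrafield_global passes the 0xffff test here and then exceeds it once the Zip64 block is appended. If it does not, add that check in this patch; if it does, name the function that performs it in the comment so the deferral can be verified. As a style point, the new comments use `//`; switch them to `/* */` if this file is built as C89.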