MFH: r378382

Apply Debian patch for CVE-2014-9636 which fixes out of boundary access issue in test_compr_eb. PR: ports/197300 Submitted by: Robert Simmons <rsimmons0 gmail com> Security: e543c6f8-abf2-11e4-8ac7-d050992ecde8 Approved by: ports-secteam
svn path=/branches/2015Q1/; revision=378383
2015-02-03 22:46:13 +00:00 · 2015-02-03 22:46:13 +00:00 · 9a5c26df5c · 2021-03-31 03:12:20 +00:00
commit 9a5c26df5c
parent f1be57d7dd
2 changed files with 18 additions and 7 deletions
--- a/archivers/unzip/Makefile
+++ b/archivers/unzip/Makefile
@ -3,7 +3,7 @@

 PORTNAME=	unzip
 PORTVERSION=	6.0
-PORTREVISION=	3
+PORTREVISION=	4
 CATEGORIES=	archivers
 MASTER_SITES=	SF/infozip/UnZip%206.x%20%28latest%29/UnZip%20${PORTVERSION}/:main \
 		SF/infozip/UnZip%205.x%20and%20earlier/5.51/:unreduce
--- a/archivers/unzip/files/patch-extract.c
+++ b/archivers/unzip/files/patch-extract.c
@ -1,5 +1,5 @@
--- extract.c.orig	2015-01-16 10:05:03.994866726 +0100
-+++ extract.c	2015-01-16 09:57:31.606898193 +0100
+--- extract.c.orig	2009-03-14 01:32:52 UTC
+++ extract.c
@@ -1,5 +1,5 @@
 /*
 -  Copyright (c) 1990-2009 Info-ZIP.  All rights reserved.
@ -7,7 +7,7 @@
 
   See the accompanying file LICENSE, version 2009-Jan-02 or later
   (the contents of which are also included in unzip.h) for terms of use.
-@@ -298,6 +298,8 @@
+@@ -298,6 +298,8 @@ char ZCONST Far TruncNTSD[] =
 #ifndef SFX
    static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \
      EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n";
@ -16,7 +16,7 @@
    static ZCONST char Far InvalidComprDataEAs[] =
      " invalid compressed data for EAs\n";
 #  if (defined(WIN32) && defined(NTSD_EAS))
-@@ -2023,7 +2025,8 @@
+@@ -2023,7 +2025,8 @@ static int TestExtraField(__G__ ef, ef_l
         ebID = makeword(ef);
         ebLen = (unsigned)makeword(ef+EB_LEN);
 
@ -26,7 +26,7 @@
            /* Discovered some extra field inconsistency! */
             if (uO.qflag)
                 Info(slide, 1, ((char *)slide, "%-22s ",
-@@ -2032,6 +2035,16 @@
+@@ -2032,6 +2035,16 @@ static int TestExtraField(__G__ ef, ef_l
               ebLen, (ef_len - EB_HEADSIZE)));
             return PK_ERR;
         }
@ -43,7 +43,12 @@
 
         switch (ebID) {
             case EF_OS2:
-@@ -2221,10 +2234,17 @@
+@@ -2217,14 +2230,28 @@ static int test_compr_eb(__G__ eb, eb_si
+     ulg eb_ucsize;
+     uch *eb_ucptr;
+     int r;
+    ush method;
+ 
     if (compr_offset < 4)                /* field is not compressed: */
         return PK_OK;                    /* do nothing and signal OK */
 
@ -61,6 +66,12 @@
 +     ((eb_ucsize = makelong( eb+ (EB_HEADSIZE+ EB_UCSIZE_P))) == 0L) ||
 +     ((eb_ucsize > 0L) && (eb_size <= (compr_offset + EB_CMPRHEADLEN))))
 +        return IZ_EF_TRUNC;             /* no/bad compressed data! */
+
+    method = makeword(eb + (EB_HEADSIZE + compr_offset));
+    if ((method == STORED) && (eb_size - compr_offset != eb_ucsize))
+	return PK_ERR;			  /* compressed & uncompressed
+					   * should match in STORED
+					   * method */
 
     if (
 #ifdef INT_16BIT