Brad Bishop | 220d553 | 2018-08-14 00:59:39 +0100 | [diff] [blame] | 1 | From 349f566e6e757458843fa164a0f0584280e1501e Mon Sep 17 00:00:00 2001 |
| 2 | From: Changqing Li <changqing.li@windriver.com> |
| 3 | Date: Wed, 15 Aug 2018 16:20:53 +0800 |
| 4 | Subject: [PATCH] unzip: fix CVE-2018-1000035 |
| 5 | |
| 6 | Upstream-Status: Backport |
| 7 | |
| 8 | CVE: CVE-2018-1000035 |
| 9 | |
| 10 | backport from unzip6.10c23 |
| 11 | |
| 12 | Signed-off-by: Changqing Li <changqing.li@windriver.com> |
| 13 | --- |
| 14 | fileio.c | 11 ++++++++--- |
| 15 | 1 file changed, 8 insertions(+), 3 deletions(-) |
| 16 | |
| 17 | diff --git a/fileio.c b/fileio.c |
| 18 | index 36bfea3..7605a29 100644 |
| 19 | --- a/fileio.c |
| 20 | +++ b/fileio.c |
| 21 | @@ -1582,6 +1582,8 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf, size, zfn, efn) |
| 22 | int r = IZ_PW_ENTERED; |
| 23 | char *m; |
| 24 | char *prompt; |
| 25 | + char *ep; |
| 26 | + char *zp; |
| 27 | |
| 28 | #ifndef REENTRANT |
| 29 | /* tell picky compilers to shut up about "unused variable" warnings */ |
| 30 | @@ -1590,9 +1592,12 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf, size, zfn, efn) |
| 31 | |
| 32 | if (*rcnt == 0) { /* First call for current entry */ |
| 33 | *rcnt = 2; |
| 34 | - if ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL) { |
| 35 | - sprintf(prompt, LoadFarString(PasswPrompt), |
| 36 | - FnFilter1(zfn), FnFilter2(efn)); |
| 37 | + zp = FnFilter1( zfn); |
| 38 | + ep = FnFilter2( efn); |
| 39 | + prompt = (char *)malloc( /* Slightly too long (2* "%s"). */ |
| 40 | + sizeof( PasswPrompt)+ strlen( zp)+ strlen( ep)); |
| 41 | + if (prompt != (char *)NULL) { |
| 42 | + sprintf(prompt, LoadFarString(PasswPrompt), zp, ep); |
| 43 | m = prompt; |
| 44 | } else |
| 45 | m = (char *)LoadFarString(PasswPrompt2); |
| 46 | -- |
| 47 | 2.7.4 |
| 48 | |