| Brad Bishop | c4ea075 | 2018-11-15 14:30:15 -0800 | [diff] [blame] | 1 | Upstream-Status: Backport [https://sourceforge.net/p/infozip/bugs/53/] |
| 2 | CVE: CVE-2018-18384 |
| 3 | Signed-off-by: Changqing Li <changqing.li@windriver.com> |
| 4 | |
| 5 | --- unzip60/list.c |
| 6 | +++ unzip60/list.c |
| 7 | @@ -97,7 +97,7 @@ int list_files(__G) /* return PK-type |
| 8 | { |
| 9 | int do_this_file=FALSE, cfactor, error, error_in_archive=PK_COOL; |
| 10 | #ifndef WINDLL |
| 11 | - char sgn, cfactorstr[10]; |
| 12 | + char sgn, cfactorstr[1+10+1+1]; /* <sgn><int>%NUL */ |
| 13 | int longhdr=(uO.vflag>1); |
| 14 | #endif |
| 15 | int date_format; |
| 16 | @@ -389,9 +389,9 @@ int list_files(__G) /* return PK-type |
| 17 | } |
| 18 | #else /* !WINDLL */ |
| 19 | if (cfactor == 100) |
| 20 | - sprintf(cfactorstr, LoadFarString(CompFactor100)); |
| 21 | + snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactor100)); |
| 22 | else |
| 23 | - sprintf(cfactorstr, LoadFarString(CompFactorStr), sgn, cfactor); |
| 24 | + snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactorStr), sgn, cfactor); |
| 25 | if (longhdr) |
| 26 | Info(slide, 0, ((char *)slide, LoadFarString(LongHdrStats), |
| 27 | FmZofft(G.crec.ucsize, "8", "u"), methbuf, |
| 28 | @@ -471,9 +471,9 @@ int list_files(__G) /* return PK-type |
| 29 | |
| 30 | #else /* !WINDLL */ |
| 31 | if (cfactor == 100) |
| 32 | - sprintf(cfactorstr, LoadFarString(CompFactor100)); |
| 33 | + snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactor100)); |
| 34 | else |
| 35 | - sprintf(cfactorstr, LoadFarString(CompFactorStr), sgn, cfactor); |
| 36 | + snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactorStr), sgn, cfactor); |
| 37 | if (longhdr) { |
| 38 | Info(slide, 0, ((char *)slide, LoadFarString(LongFileTrailer), |
| 39 | FmZofft(tot_ucsize, "8", "u"), FmZofft(tot_csize, "8", "u"), |