Patrick Williams | c0f7c04 | 2017-02-23 20:41:17 -0600 | [diff] [blame] | 1 | unzip: Fixing security formatting issues |
| 2 | |
| 3 | Fix security formatting issues related to sprintf parameters expected. |
| 4 | |
| 5 | [YOCTO #9551] |
| 6 | [https://bugzilla.yoctoproject.org/show_bug.cgi?id=9551] |
| 7 | |
Andrew Geissler | 78b7279 | 2022-06-14 06:47:25 -0500 | [diff] [blame^] | 8 | Upstream-Status: Inactive-Upstream [need a new release] |
Patrick Williams | c0f7c04 | 2017-02-23 20:41:17 -0600 | [diff] [blame] | 9 | |
| 10 | Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com> |
| 11 | |
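diff --git a/extract.c b/extract.c
index 7cd9123..25c5a62 100644
--- a/extract.c
+++ b/extract.c
@@ -475,7 +475,7 @@ int extract_or_test_files(__G) /* return PK-type error code */
 Info(slide, 0x401, ((char *)slide,
 LoadFarString(CentSigMsg), j + blknum*DIR_BLKSIZ + 1));
 Info(slide, 0x401, ((char *)slide,
- LoadFarString(ReportMsg)));
+ "%s",LoadFarString(ReportMsg)));
 error_in_archive = PK_BADERR;
 }
 reached_end = TRUE; /* ...so no more left to do */
@@ -754,8 +754,8 @@ int extract_or_test_files(__G) /* return PK-type error code */
 
 #ifndef SFX
 if (no_endsig_found) { /* just to make sure */
- Info(slide, 0x401, ((char *)slide, LoadFarString(EndSigMsg)));
- Info(slide, 0x401, ((char *)slide, LoadFarString(ReportMsg)));
+ Info(slide, 0x401, ((char *)slide, "%s", LoadFarString(EndSigMsg)));
+ Info(slide, 0x401, ((char *)slide, "%s", LoadFarString(ReportMsg)));
 if (!error_in_archive) /* don't overwrite stronger error */
 error_in_archive = PK_WARN;
 }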
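Review bot: The added `"%s"` arguments only keep the output identical if ReportMsg and EndSigMsg contain no `%%` escapes, and their definitions are outside these hunks. Before the change the messages were interpreted as format strings; now they are copied verbatim, so a doubled percent sign would be printed literally. This should be confirmed against the message definitions, and the same applies to the changed calls in list.c and zipinfo.c. In the first hunk `"%s",LoadFarString(ReportMsg)` is also missing the space after the comma that every other changed line has; `"%s", LoadFarString(ReportMsg)` would match. The body of extract_or_test_files extends beyond both hunks.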
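diff --git a/list.c b/list.c
index 15e0011..0b484f6 100644
--- a/list.c
+++ b/list.c
@@ -181,7 +181,7 @@ int list_files(__G) /* return PK-type error code */
 Info(slide, 0x401,
 ((char *)slide, LoadFarString(CentSigMsg), j));
 Info(slide, 0x401,
- ((char *)slide, LoadFarString(ReportMsg)));
+ ((char *)slide, "%s", LoadFarString(ReportMsg)));
 return PK_BADERR; /* sig not found */
 }
 }
@@ -507,7 +507,7 @@ int list_files(__G) /* return PK-type error code */
 && (!G.ecrec.is_zip64_archive)
 && (memcmp(G.sig, end_central_sig, 4) != 0)
 ) { /* just to make sure again */
- Info(slide, 0x401, ((char *)slide, LoadFarString(EndSigMsg)));
+ Info(slide, 0x401, ((char *)slide, "%s", LoadFarString(EndSigMsg)));
 error_in_archive = PK_WARN; /* didn't find sig */
 }
 
@@ -591,7 +591,7 @@ int get_time_stamp(__G__ last_modtime, nmember) /* return PK-type error code */
 Info(slide, 0x401,
 ((char *)slide, LoadFarString(CentSigMsg), j));
 Info(slide, 0x401,
- ((char *)slide, LoadFarString(ReportMsg)));
+ ((char *)slide, "%s", LoadFarString(ReportMsg)));
 return PK_BADERR; /* sig not found */
 }
 }
@@ -674,7 +674,7 @@ int get_time_stamp(__G__ last_modtime, nmember) /* return PK-type error code */
 ---------------------------------------------------------------------------*/
 
 if (memcmp(G.sig, end_central_sig, 4)) { /* just to make sure again */
- Info(slide, 0x401, ((char *)slide, LoadFarString(EndSigMsg)));
+ Info(slide, 0x401, ((char *)slide, "%s", LoadFarString(EndSigMsg)));
 error_in_archive = PK_WARN;
 }
 if (*nmember == 0L && error_in_archive <= PK_WARN)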
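Review bot: The CentSigMsg calls left as context in list_files and get_time_stamp, `Info(slide, 0x401, ((char *)slide, LoadFarString(CentSigMsg), j));`, still pass a non-literal format string, so the compiler cannot check that the conversion in CentSigMsg matches the type of `j`. The equivalent calls in extract.c and zipinfo.c are in the same position. -Wformat-security presumably stays quiet there only because an argument is present, which is not the same as the call having been checked. The message definition is not visible in this patch, so the conversion should be compared with `j`'s declared type, or the commit message should say these calls were reviewed and left as they are on purpose. Both function bodies extend beyond the hunks.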
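diff --git a/zipinfo.c b/zipinfo.c
index 0ac75b3..1e7fa82 100644
--- a/zipinfo.c
+++ b/zipinfo.c
@@ -833,7 +833,7 @@ int zipinfo(__G) /* return PK-type error code */
 Info(slide, 0x401,
 ((char *)slide, LoadFarString(CentSigMsg), j));
 Info(slide, 0x401,
- ((char *)slide, LoadFarString(ReportMsg)));
+ ((char *)slide, "%s", LoadFarString(ReportMsg)));
 error_in_archive = PK_BADERR; /* sig not found */
 break;
 }
@@ -1022,7 +1022,7 @@ int zipinfo(__G) /* return PK-type error code */
 && (!G.ecrec.is_zip64_archive)
 && (memcmp(G.sig, end_central_sig, 4) != 0)
 ) { /* just to make sure again */
- Info(slide, 0x401, ((char *)slide, LoadFarString(EndSigMsg)));
+ Info(slide, 0x401, ((char *)slide, "%s", LoadFarString(EndSigMsg)));
 error_in_archive = PK_WARN; /* didn't find sig */
 }
 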