From: Karol Babioch <kbabioch@suse.com>
Subject: Fix buffer overflow in password protected zip archives
Bug-Debian: https://bugs.debian.org/889838
Origin: https://bugzilla.novell.com/attachment.cgi?id=759406
X-Debian-version: 6.0-22
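--- a/fileio.c
+++ b/fileio.c
@@ -1582,6 +1582,10 @@
 int r = IZ_PW_ENTERED;
 char *m;
 char *prompt;
+ char *zfnf;
+ char *efnf;
+ size_t zfnfl;
+ int isOverflow;
 
 #ifndef REENTRANT
 /* tell picky compilers to shut up about "unused variable" warnings */
@@ -1590,7 +1594,15 @@
 
 if (*rcnt == 0) { /* First call for current entry */
 *rcnt = 2;
- if ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL) {
+ zfnf = FnFilter1(zfn);
+ efnf = FnFilter2(efn);
+ zfnfl = strlen(zfnf);
+ isOverflow = TRUE;
+ if (2*FILNAMSIZ >= zfnfl && (2*FILNAMSIZ - zfnfl) >= strlen(efnf))
+ {
+ isOverflow = FALSE;
+ }
+ if ((isOverflow == FALSE) && ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL)) {
 sprintf(prompt, LoadFarString(PasswPrompt),
 FnFilter1(zfn), FnFilter2(efn));
 m = prompt;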
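Review bot: The `sprintf()` into `prompt` in the second hunk is still unbounded, and it calls `FnFilter1(zfn)` and `FnFilter2(efn)` again instead of formatting the `zfnf` and `efnf` strings whose lengths were just measured, so the guard and the write are linked only by convention. Passing the checked pointers, `sprintf(prompt, LoadFarString(PasswPrompt), zfnf, efnf);`, would make the validated data and the written data the same. The check also assumes that the fixed text of `PasswPrompt` (not visible here) plus the terminator fits in the 15 spare bytes of `malloc(2*FILNAMSIZ + 15)`. A comment next to the allocation such as `/* 15 = fixed text of PasswPrompt + NUL; keep in sync with the format string */`, or sizing the buffer from the measured lengths, would keep a later prompt change from reintroducing the overflow. The enclosing function starts and ends outside both hunks, so the path taken when `isOverflow` stays TRUE cannot be confirmed from this page.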