From 6d351831be705cc26d897db44f878a978f4138fc Mon Sep 17 00:00:00 2001
From: Mark Adler
Date: Thu, 25 Jul 2019 20:43:17 -0700
Subject: [PATCH] Do not raise a zip bomb alert for a misplaced central directory.
There is a zip-like file in the Firefox distribution, omni.ja, which is a zip container with the central directory placed at the start of the file instead of after the local entries as required by the zip standard. This commit marks the actual location of the central directory, as well as the end of central directory records, as disallowed locations. This now permits such containers to not raise a zip bomb alert, where in fact there are no overlaps.
---
extract.c | 25 +++++++++++++++++++------
process.c | 6 ++++++
unzpriv.h | 10 ++++++++++
3 files changed, 35 insertions(+), 6 deletions(-)
diff --git a/extract.c b/extract.c
index 0973a33..1b73cb0 100644
--- a/extract.c
+++ b/extract.c
@@ -493,8 +493,11 @@ int extract_or_test_files(__G) /*
Taken from https://raw.githubusercontent.com/archlinux/svntogit-community/packages/haskell-bytestring-handle/trunk/ghc9.patch

--- bytestring-handle-0.1.0.6/src/Data/ByteString/Handle/Write.hs.orig	2021-06-21 14:54:12.217134401 +0800
+++ bytestring-handle-0.1.0.6/src/Data/ByteString/Handle/Write.hs	2021-06-21 15:24:01.794796505 +0800
@@ -17,7 +17,7 @@
 
 import GHC.IO.Buffer ( BufferState(..), emptyBuffer, Buffer(..) )
 import GHC.IO.BufferedIO ( BufferedIO(..) )
-import GHC.IO.Device ( IODevice(..), IODeviceType(..), SeekMode(..) )
+import GHC.IO.Device ( IODevice(..), IODeviceType(..), SeekMode(..), RawIO(..) )
 #if MIN_VERSION_base(4,5,0)
 import GHC.IO.Encoding ( getLocaleEncoding )
 #else
@@ -138,6 +138,7 @@
                                 seek_base = error "seek_base needs to be updated"
                    })
         modifyIORef (write_size ws) (`max` newSeekPos)
+        pure newSeekPos
 
     tell ws = do
         ss <- readIORef (write_seek_state ws)
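Review bot: The added `pure newSeekPos` is unconditional, although this file still guards other code with `MIN_VERSION_base`, so it will no longer type-check against a base where `IODevice.seek` returns `IO ()` (the `IO Integer` result appears to date from base 4.15; confirm before relying on that number). If the package is meant to keep building on older compilers, guard the line as `#if MIN_VERSION_base(4,15,0)`, `pure newSeekPos`, `#endif`; the same applies to the `seek` change in Read.hs. The body of `seek` starts above this hunk, so the type of `newSeekPos` could not be checked from here.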
@@ -152,6 +153,12 @@
 
     devType _ = return RegularFile -- TODO: is this correct?
 
+instance RawIO WriteState where
+    read _ _ _ _ = return 0
+    readNonBlocking _ _ _ _ = return Nothing
+    write _ _ _ _ = return ()
+    writeNonBlocking _ _ _ _ = return 0
+
 ioe_seekOutOfRange :: IO a
 ioe_seekOutOfRange =
     ioException $ IOError Nothing InvalidArgument ""
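Review bot: The `RawIO WriteState` stubs report success for operations they never perform: `write _ _ _ _ = return ()` discards the bytes while telling the caller the write completed, and `read` returning 0 is indistinguishable from end of file. The instance looks like it exists only to satisfy a class constraint while the real I/O goes through `BufferedIO` (inferred; that instance is outside the hunk), so any call that does reach these methods should fail loudly instead of losing data silently, e.g. `write _ _ _ _ = ioException unsupportedOperation` and likewise for the other three methods (`unsupportedOperation` lives in `GHC.IO.Exception`; add it to that import list if it is not already there). A one-line comment above the instance saying that it is a deliberate stub and why would help the next maintainer. The identical stub instance added for `ReadState` in Read.hs needs the same change.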
--- bytestring-handle-0.1.0.6/src/Data/ByteString/Handle/Read.hs.orig	2021-06-21 14:53:55.433129276 +0800
+++ bytestring-handle-0.1.0.6/src/Data/ByteString/Handle/Read.hs	2021-06-21 15:24:25.998784996 +0800
@@ -24,7 +24,7 @@
     , emptyBuffer, isEmptyBuffer, newBuffer, newByteBuffer
     , bufferElems, withBuffer, withRawBuffer )
 import GHC.IO.BufferedIO ( BufferedIO(..) )
-import GHC.IO.Device ( IODevice(..), IODeviceType(..), SeekMode(..) )
+import GHC.IO.Device ( IODevice(..), IODeviceType(..), SeekMode(..), RawIO(..) )
 #if MIN_VERSION_base(4,5,0)
 import GHC.IO.Encoding ( getLocaleEncoding )
 #else
@@ -155,7 +155,7 @@
                                                       (seek_before_length curSeekState)
                                                       (fromIntegral (seek_pos curSeekState) + seekPos)
                   SeekFromEnd -> normalisedSeekState (read_chunks_backwards rs) [] (read_length rs) seekPos
-        maybe ioe_seekOutOfRange (writeIORef (read_seek_state rs)) newSeekState
+        maybe ioe_seekOutOfRange (\nss -> writeIORef (read_seek_state rs) nss >> pure (fromIntegral(seek_pos nss))) newSeekState
 
     tell rs = do
         ss <- readIORef (read_seek_state rs)
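Review bot: The value returned from `seek` is `seek_pos nss` alone, which in the `RelativeSeek` branch just above is paired with a separate `seek_before_length`, so it looks like an offset relative to that length rather than the absolute position a `seek` result is expected to carry. If that reading is right, return the sum, as `tell` presumably does (its body is cut off by the hunk): `pure (seek_before_length nss + fromIntegral (seek_pos nss))`. The long lambda would also read better as a small `do` block or a named local helper. `seek` itself starts above the hunk, so the field types are inferred from the visible calls only.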
@@ -166,6 +166,12 @@
 
     devType _ = return RegularFile -- TODO: is this correct?
 
+instance RawIO ReadState where
+    read _ _ _ _ = return 0
+    readNonBlocking _ _ _ _ = return Nothing
+    write _ _ _ _ = return ()
+    writeNonBlocking _ _ _ _ = return 0
+
 ioe_seekOutOfRange :: IO a
 ioe_seekOutOfRange =
     ioException $ IOError Nothing InvalidArgument ""