path: root/gnu/packages/patches/unzip-overflow-on-invalid-input.patch
blob: 013002a88c518e2bf9459245de96768e48541834
Extracted from a patch in Fedora.

http://pkgs.fedoraproject.org/cgit/unzip.git/tree/unzip-6.0-heap-overflow-infloop.patch?id=d18f821e

From bd150334fb4084f5555a6be26b015a0671cb5b74 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Tue, 22 Sep 2015 18:52:23 +0200
Subject: [PATCH 3/3] extract: prevent unsigned overflow on invalid input

Suggested-by: Stefan Cornelius
---
 extract.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/extract.c b/extract.c
index 29db027..b9ae667 100644
--- a/extract.c
+++ b/extract.c
@@ -1257,8 +1257,17 @@ static int extract_or_test_entrylist(__G__ numchunk,
         if (G.lrec.compression_method == STORED) {
             zusz_t csiz_decrypted = G.lrec.csize;
 
-            if (G.pInfo->encrypted)
+            if (G.pInfo->encrypted) {
+                if (csiz_decrypted <= 12) {
+                    /* handle the error now to prevent unsigned overflow */
+                    Info(slide, 0x401, ((char *)slide,
+                      LoadFarStringSmall(ErrUnzipNoFile),
+                      LoadFarString(InvalidComprData),
+                      LoadFarStringSmall2(Inflate)));
+                    return PK_ERR;
+                }
                 csiz_decrypted -= 12;
+            }
             if (G.lrec.ucsize != csiz_decrypted) {
                 Info(slide, 0x401, ((char *)slide,
                   LoadFarStringSmall2(WrnStorUCSizCSizDiff),
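Review bot: the new guard `if (csiz_decrypted <= 12)` also rejects a compressed size of exactly 12, where `csiz_decrypted -= 12` would yield 0 rather than wrap, so the comment "prevent unsigned overflow" only justifies `< 12`. If rejecting the 12-byte case is intended, state the reason in the comment; otherwise use `< 12` and let the following `G.lrec.ucsize != csiz_decrypted` comparison handle that entry. Two smaller points in the same block: the error path passes `LoadFarStringSmall2(Inflate)` inside the `compression_method == STORED` branch, so the message names inflate for a stored entry, and the literal 12 now appears twice and would read better as a named constant.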
-- 
2.5.2
