diff options
author | Raphael Kubo da Costa <rakuco@FreeBSD.org> | 2017-09-27 16:53:51 +0000 |
---|---|---|
committer | Raphael Kubo da Costa <rakuco@FreeBSD.org> | 2017-09-27 16:53:51 +0000 |
commit | 4f54b38ba9c5d38183b4303d7bc9bf54eb5c285f (patch) | |
tree | 72acfdad9cb33cdd528894726029a034805be069 | |
parent | MFH: r450128 r450491 (diff) |
MFH: r450768
Add a patch for CVE-2017-14107.
This is a minor security vulnerability that can lead to a denial of service
issue in libzip when a specially crafted archive is used.
PR: 222638
Security: b2952517-07e5-4d19-8850-21c5b7e0623f
Security: CVE-2017-14107
Approved by: ports-secteam (blanket approval)
-rw-r--r-- | archivers/libzip/Makefile | 1 | ||||
-rw-r--r-- | archivers/libzip/files/patch-CVE-2017-14107 | 27 |
2 files changed, 28 insertions, 0 deletions
diff --git a/archivers/libzip/Makefile b/archivers/libzip/Makefile index 5cdd3dec4715..959d0213bf3f 100644 --- a/archivers/libzip/Makefile +++ b/archivers/libzip/Makefile @@ -3,6 +3,7 @@ PORTNAME= libzip PORTVERSION= 1.1.3 +PORTREVISION= 1 CATEGORIES= archivers devel MASTER_SITES= http://www.nih.at/libzip/ diff --git a/archivers/libzip/files/patch-CVE-2017-14107 b/archivers/libzip/files/patch-CVE-2017-14107 new file mode 100644 index 000000000000..510d5ff444e8 --- /dev/null +++ b/archivers/libzip/files/patch-CVE-2017-14107 @@ -0,0 +1,27 @@ +From 9b46957ec98d85a572e9ef98301247f39338a3b5 Mon Sep 17 00:00:00 2001 +From: Thomas Klausner <tk@giga.or.at> +Date: Tue, 29 Aug 2017 10:25:03 +0200 +Subject: [PATCH] Make eocd checks more consistent between zip and zip64 cases. + +--- + lib/zip_open.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/lib/zip_open.c b/lib/zip_open.c +index 3bd593b..9d3a4cb 100644 +--- lib/zip_open.c ++++ lib/zip_open.c +@@ -847,7 +847,12 @@ _zip_read_eocd64(zip_source_t *src, zip_buffer_t *buffer, zip_uint64_t buf_offse + zip_error_set(error, ZIP_ER_SEEK, EFBIG); + return NULL; + } +- if ((flags & ZIP_CHECKCONS) && offset+size != eocd_offset) { ++ if (offset+size > buf_offset + eocd_offset) { ++ /* cdir spans past EOCD record */ ++ zip_error_set(error, ZIP_ER_INCONS, 0); ++ return NULL; ++ } ++ if ((flags & ZIP_CHECKCONS) && offset+size != buf_offset + eocd_offset) { + zip_error_set(error, ZIP_ER_INCONS, 0); + return NULL; + } |