summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRaphael Kubo da Costa <rakuco@FreeBSD.org>2017-09-27 16:53:51 +0000
committerRaphael Kubo da Costa <rakuco@FreeBSD.org>2017-09-27 16:53:51 +0000
commit4f54b38ba9c5d38183b4303d7bc9bf54eb5c285f (patch)
tree72acfdad9cb33cdd528894726029a034805be069
parentMFH: r450128 r450491 (diff)
MFH: r450768
Add a patch for CVE-2017-14107. This is a minor security vulnerability that can lead to a denial of service issue in libzip when a specially crafted archive is used. PR: 222638 Security: b2952517-07e5-4d19-8850-21c5b7e0623f Security: CVE-2017-14107 Approved by: ports-secteam (blanket approval)
-rw-r--r--archivers/libzip/Makefile1
-rw-r--r--archivers/libzip/files/patch-CVE-2017-1410727
2 files changed, 28 insertions, 0 deletions
diff --git a/archivers/libzip/Makefile b/archivers/libzip/Makefile
index 5cdd3dec4715..959d0213bf3f 100644
--- a/archivers/libzip/Makefile
+++ b/archivers/libzip/Makefile
@@ -3,6 +3,7 @@
PORTNAME= libzip
PORTVERSION= 1.1.3
+PORTREVISION= 1
CATEGORIES= archivers devel
MASTER_SITES= http://www.nih.at/libzip/
diff --git a/archivers/libzip/files/patch-CVE-2017-14107 b/archivers/libzip/files/patch-CVE-2017-14107
new file mode 100644
index 000000000000..510d5ff444e8
--- /dev/null
+++ b/archivers/libzip/files/patch-CVE-2017-14107
@@ -0,0 +1,27 @@
+From 9b46957ec98d85a572e9ef98301247f39338a3b5 Mon Sep 17 00:00:00 2001
+From: Thomas Klausner <tk@giga.or.at>
+Date: Tue, 29 Aug 2017 10:25:03 +0200
+Subject: [PATCH] Make eocd checks more consistent between zip and zip64 cases.
+
+---
+ lib/zip_open.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/lib/zip_open.c b/lib/zip_open.c
+index 3bd593b..9d3a4cb 100644
+--- lib/zip_open.c
++++ lib/zip_open.c
+@@ -847,7 +847,12 @@ _zip_read_eocd64(zip_source_t *src, zip_buffer_t *buffer, zip_uint64_t buf_offse
+ zip_error_set(error, ZIP_ER_SEEK, EFBIG);
+ return NULL;
+ }
+- if ((flags & ZIP_CHECKCONS) && offset+size != eocd_offset) {
++ if (offset+size > buf_offset + eocd_offset) {
++ /* cdir spans past EOCD record */
++ zip_error_set(error, ZIP_ER_INCONS, 0);
++ return NULL;
++ }
++ if ((flags & ZIP_CHECKCONS) && offset+size != buf_offset + eocd_offset) {
+ zip_error_set(error, ZIP_ER_INCONS, 0);
+ return NULL;
+ }