0016-extract-prevent-unsigned-overflow-on-invalid-input.patch (1318B)
1 From c2b00ce1582efdb781355dfa7b161b5393cfa56f Mon Sep 17 00:00:00 2001 2 From: Kamil Dudka <kdudka@redhat.com> 3 Date: Tue, 22 Sep 2015 18:52:23 +0200 4 Subject: [PATCH] extract: prevent unsigned overflow on invalid input 5 6 Suggested-by: Stefan Cornelius 7 --- 8 extract.c | 11 ++++++++++- 9 1 file changed, 10 insertions(+), 1 deletion(-) 10 11 diff --git a/extract.c b/extract.c 12 index 188f1cf..549a5eb 100644 13 --- a/extract.c 14 +++ b/extract.c 15 @@ -1257,8 +1257,17 @@ static int extract_or_test_entrylist(__G__ numchunk, 16 if (G.lrec.compression_method == STORED) { 17 zusz_t csiz_decrypted = G.lrec.csize; 18 19 - if (G.pInfo->encrypted) 20 + if (G.pInfo->encrypted) { 21 + if (csiz_decrypted < 12) { 22 + /* handle the error now to prevent unsigned overflow */ 23 + Info(slide, 0x401, ((char *)slide, 24 + LoadFarStringSmall(ErrUnzipNoFile), 25 + LoadFarString(InvalidComprData), 26 + LoadFarStringSmall2(Inflate))); 27 + return PK_ERR; 28 + } 29 csiz_decrypted -= 12; 30 + } 31 if (G.lrec.ucsize != csiz_decrypted) { 32 Info(slide, 0x401, ((char *)slide, 33 LoadFarStringSmall2(WrnStorUCSizCSizDiff), 34 -- 35 2.20.1 36