[arch-commits] Commit in unzip/trunk (PKGBUILD unzip-6.0_CVE-2021-4217.patch)
Jonas Witschel
diabonas at gemini.archlinux.org
Wed Feb 16 17:08:57 UTC 2022
Date: Wednesday, February 16, 2022 @ 17:08:57
Author: diabonas
Revision: 437501
upgpkg: unzip 6.0-16: fix NULL pointer dereference (CVE-2021-4217, FS#73542)
See https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1957077 for a bug
report including a reproducer and a proposed patch. The first part of the patch
is already covered by "unzip-6.0-valgrind.patch", so apply only the changes to
process.c directly related to CVE-2021-4217. After applying the patch, the
reproducer does not crash unzip any more.
Added:
unzip/trunk/unzip-6.0_CVE-2021-4217.patch
Modified:
unzip/trunk/PKGBUILD
-------------------------------+
PKGBUILD | 6 ++++--
unzip-6.0_CVE-2021-4217.patch | 19 +++++++++++++++++++
2 files changed, 23 insertions(+), 2 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2022-02-16 16:34:04 UTC (rev 437500)
+++ PKGBUILD 2022-02-16 17:08:57 UTC (rev 437501)
@@ -40,7 +40,7 @@
'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part4.patch'
'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part5.patch'
'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part6.patch'
- )
+ 'unzip-6.0_CVE-2021-4217.patch')
sha512sums=('0694e403ebc57b37218e00ec1a406cae5cc9c5b52b6798e0d4590840b6cdbf9ddc0d9471f67af783e960f8fa2e620394d51384257dca23d06bcd90224a80ce5d'
'3c7f525687b198aaa8547a8b30e744f7f184943624279d5c70170d5b9bb3f0c0f27f3e69bc808dd0d144690107bc76a10c06e160bf99c54fd5684246208b7cff'
'8423e32bbc1e1fe9366118bd10795bb8307f5a9a1afba1f0f62e46443d198b7f3cfcc41dedf57f31830f4c7328c9f5ae573982ca8664822b5f2a2ecdbc389df9'
@@ -68,7 +68,8 @@
'f31b0b70025651397235ee7d759c04f0f4658908287c82d1253a2048ace170f05f67fa19930061fe2b7ac48a8b6989a95117ab93ac0081422dad9203ac9f8ec1'
'27d45a25a6a51415af609a4fdefcb7c95a1105d511a6e18e2a7464e9d3773ba2ccb25f138a3cc6ddc6e5e9c558b633ee60d273cebf562c2a7d1e99d3f229d1ba'
'48875d7e08d669637e26a7e800f8b2a3812d477e6f249c8d4962fdf93ba6d346f5b22b83d82cb65317b506dff84c441d42c0fe7d1c042a065619d39bdf25fdd0'
- 'a788d57fe0fb9ae6106381d2a8fe566aa35bb037012139dc7c283fe5eb316056835dffa9ea9778c15a5b39e50a75329a135a0dffdfc6a53d575ef2013b1d478a')
+ 'a788d57fe0fb9ae6106381d2a8fe566aa35bb037012139dc7c283fe5eb316056835dffa9ea9778c15a5b39e50a75329a135a0dffdfc6a53d575ef2013b1d478a'
+ 'fc1f4246b6974c3c554aed1127f512f0b2ac8fa13aff7c3b54877411e15856522e35633c45b2326d96b5094a9106d697a0883c1879af2c616d9dd51180b6887b')
prepare() {
cd "${srcdir}/${pkgname}${_pkgver}"
@@ -100,6 +101,7 @@
patch -p1 -i ../unzip-zipbomb-part4.patch
patch -p1 -i ../unzip-zipbomb-part5.patch
patch -p1 -i ../unzip-zipbomb-part6.patch
+ patch -p1 -i ../unzip-6.0_CVE-2021-4217.patch # FS#73542
}
build() {
Added: unzip-6.0_CVE-2021-4217.patch
===================================================================
--- unzip-6.0_CVE-2021-4217.patch (rev 0)
+++ unzip-6.0_CVE-2021-4217.patch 2022-02-16 17:08:57 UTC (rev 437501)
@@ -0,0 +1,19 @@
+diff --git a/process.c b/process.c
+index d2a846e..cba2463 100644
+--- a/process.c
++++ b/process.c
+@@ -2064,10 +2064,14 @@ int getUnicodeData(__G__ ef_buf, ef_len)
+ G.unipath_checksum = makelong(offset + ef_buf);
+ offset += 4;
+
++ if (!G.filename_full) {
++ /* Check if we have a unicode extra section but no filename set */
++ return PK_ERR;
++ }
++
+ /*
+ * Compute 32-bit crc
+ */
+-
+ chksum = crc32(chksum, (uch *)(G.filename_full),
+ strlen(G.filename_full));
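Review bot: The new `if (!G.filename_full)` guard in getUnicodeData returns `PK_ERR` only after `G.unipath_checksum` has already been assigned from the extra field, so a malformed archive leaves partly parsed Unicode-path state in `G` on the error path. It is worth confirming that callers discard that state when they see `PK_ERR`, or else moving the guard ahead of the field parsing. The function starts and ends outside the hunk, so neither the caller handling nor the earlier assignments can be checked from here. Separately, the patch file has no header, although the commit message says only the process.c part of the Launchpad proposal is applied. A line before `diff --git` such as `Origin: https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1957077 (process.c part only; remainder covered by unzip-6.0-valgrind.patch)` would keep that provenance with the patch itself.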