From 349f566e6e757458843fa164a0f0584280e1501e Mon Sep 17 00:00:00 2001
|
From: Changqing Li <changqing.li@windriver.com>
|
Date: Wed, 15 Aug 2018 16:20:53 +0800
|
Subject: [PATCH] unzip: fix CVE-2018-1000035
|
|
Upstream-Status: Backport
|
|
CVE: CVE-2018-1000035
|
|
backport from unzip6.10c23
|
|
Signed-off-by: Changqing Li <changqing.li@windriver.com>
|
---
|
fileio.c | 11 ++++++++---
|
1 file changed, 8 insertions(+), 3 deletions(-)
|
|
diff --git a/fileio.c b/fileio.c
|
index 36bfea3..7605a29 100644
|
--- a/fileio.c
|
+++ b/fileio.c
|
@@ -1582,6 +1582,8 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf, size, zfn, efn)
|
int r = IZ_PW_ENTERED;
|
char *m;
|
char *prompt;
|
+ char *ep;
|
+ char *zp;
|
|
#ifndef REENTRANT
|
/* tell picky compilers to shut up about "unused variable" warnings */
|
@@ -1590,9 +1592,12 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf, size, zfn, efn)
|
|
if (*rcnt == 0) { /* First call for current entry */
|
*rcnt = 2;
|
- if ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL) {
|
- sprintf(prompt, LoadFarString(PasswPrompt),
|
- FnFilter1(zfn), FnFilter2(efn));
|
+ zp = FnFilter1( zfn);
|
+ ep = FnFilter2( efn);
|
+ prompt = (char *)malloc( /* Slightly too long (2* "%s"). */
|
+ sizeof( PasswPrompt)+ strlen( zp)+ strlen( ep));
|
+ if (prompt != (char *)NULL) {
|
+ sprintf(prompt, LoadFarString(PasswPrompt), zp, ep);
|
m = prompt;
|
} else
|
m = (char *)LoadFarString(PasswPrompt2);
|
--
|
2.7.4
|
