From 51de92a08e11b11ac9e5bbb2938be2ad0de02d80 Mon Sep 17 00:00:00 2001
From: Mark H Weaver <mhw@netris.org>
Date: Thu, 22 Oct 2015 14:54:43 -0400
Subject: gnu: unzip: Reorganize security fixes for improved clarity.

* gnu/packages/patches/unzip-fix-overflows-and-infloop.patch: Delete
  file.  Its contents are now split into the following new files:
* gnu/packages/patches/unzip-CVE-2015-7696.patch,
  gnu/packages/patches/unzip-CVE-2015-7697.patch,
  gnu/packages/patches/unzip-overflow-on-invalid-input.patch: New files.
* gnu-system.am (dist_patch_DATA): Adjust accordingly.
* gnu/packages/zip.scm (unzip)[source]: Adjust patches accordingly.
---
 .../patches/unzip-overflow-on-invalid-input.patch  | 40 ++++++++++++++++++++++
 1 file changed, 40 insertions(+)
 create mode 100644 gnu/packages/patches/unzip-overflow-on-invalid-input.patch

(limited to 'gnu/packages/patches/unzip-overflow-on-invalid-input.patch')

diff --git a/gnu/packages/patches/unzip-overflow-on-invalid-input.patch b/gnu/packages/patches/unzip-overflow-on-invalid-input.patch
new file mode 100644
index 0000000000..013002a88c
--- /dev/null
+++ b/gnu/packages/patches/unzip-overflow-on-invalid-input.patch
@@ -0,0 +1,40 @@
+Extracted from a patch in Fedora.
+
+http://pkgs.fedoraproject.org/cgit/unzip.git/tree/unzip-6.0-heap-overflow-infloop.patch?id=d18f821e
+
+From bd150334fb4084f5555a6be26b015a0671cb5b74 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Tue, 22 Sep 2015 18:52:23 +0200
+Subject: [PATCH 3/3] extract: prevent unsigned overflow on invalid input
+
+Suggested-by: Stefan Cornelius
+---
+ extract.c | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/extract.c b/extract.c
+index 29db027..b9ae667 100644
+--- a/extract.c
++++ b/extract.c
+@@ -1257,8 +1257,17 @@ static int extract_or_test_entrylist(__G__ numchunk,
+         if (G.lrec.compression_method == STORED) {
+             zusz_t csiz_decrypted = G.lrec.csize;
+ 
+-            if (G.pInfo->encrypted)
++            if (G.pInfo->encrypted) {
++                if (csiz_decrypted <= 12) {
++                    /* handle the error now to prevent unsigned overflow */
++                    Info(slide, 0x401, ((char *)slide,
++                      LoadFarStringSmall(ErrUnzipNoFile),
++                      LoadFarString(InvalidComprData),
++                      LoadFarStringSmall2(Inflate)));
++                    return PK_ERR;
++                }
+                 csiz_decrypted -= 12;
++            }
+             if (G.lrec.ucsize != csiz_decrypted) {
+                 Info(slide, 0x401, ((char *)slide,
+                   LoadFarStringSmall2(WrnStorUCSizCSizDiff),
+-- 
+2.5.2
+
-- 
cgit v1.2.3