Diffstat (limited to 'patches/source/libzip/libzip.CVE-2017-14107.diff')
-rw-r--r-- | patches/source/libzip/libzip.CVE-2017-14107.diff | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/patches/source/libzip/libzip.CVE-2017-14107.diff b/patches/source/libzip/libzip.CVE-2017-14107.diff
new file mode 100644
index 000000000..b9999f31a
--- /dev/null
+++ b/patches/source/libzip/libzip.CVE-2017-14107.diff
@@ -0,0 +1,14 @@
+--- ./lib/zip_open.c.orig 2017-09-12 15:55:04.378188022 -0500
++++ ./lib/zip_open.c 2017-09-12 15:57:11.813198577 -0500
+@@ -687,6 +687,11 @@
+ return NULL;
+ }
+
++ if (offset+size > buf_offset + eocd_offset) {
++ /* cdir spans past EOCD record */
++ zip_error_set(error, ZIP_ER_INCONS, 0);
++ return NULL;
++ }
+ if ((flags & ZIP_CHECKCONS) && offset+size != buf_offset + eocd_offset) {
+ zip_error_set(error, ZIP_ER_INCONS, 0);
+ return NULL;
|
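Review bot: The new guard `if (offset+size > buf_offset + eocd_offset)` is only sound if `offset+size` cannot wrap, and nothing inside this hunk establishes that. The leading context (`return NULL; }`) is presumably the tail of an overflow check, but that block and the enclosing function start outside the hunk, so this should be confirmed against the libzip version being patched. If the earlier check is present, a one-line comment on the new block such as `/* offset+size was checked for wrap-around above */` would record the dependency; if it is absent, a wrapped sum would pass this comparison and the guard would not reject the inconsistent central directory. Separately, the patch file begins directly at `--- ./lib/zip_open.c.orig` with no header, so a short leading comment naming the upstream commit it was taken from (`<upstream-commit-id>`) would make the backport auditable.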