path: root/patches/source/libzip/libzip.CVE-2017-14107.diff
--- ./lib/zip_open.c.orig	2017-09-12 15:55:04.378188022 -0500
+++ ./lib/zip_open.c	2017-09-12 15:57:11.813198577 -0500
@@ -687,6 +687,11 @@
 	return NULL;
     }
 
+    if (offset+size > buf_offset + eocd_offset) {
+       /* cdir spans past EOCD record */
+       zip_error_set(error, ZIP_ER_INCONS, 0);
+       return NULL;
+    }
     if ((flags & ZIP_CHECKCONS) && offset+size != buf_offset + eocd_offset) {
 	zip_error_set(error, ZIP_ER_INCONS, 0);
 	return NULL;
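Review bot: The added guard `offset+size > buf_offset + eocd_offset` is only sound if neither sum can wrap, and the declarations of `offset` and `size` and any earlier range check are outside this hunk, so that needs confirming. If both are unsigned 64-bit values read from the archive and nothing before this point rejects `offset+size < offset`, a crafted pair could wrap to a small sum and pass both this check and the `ZIP_CHECKCONS` comparison below it. A form that cannot wrap on the left-hand side is `if (offset > buf_offset + eocd_offset || size > buf_offset + eocd_offset - offset) {`. As a style point, the new lines are indented with spaces while the surrounding lines use tabs.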