-
-
Notifications
You must be signed in to change notification settings - Fork 63
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add patch to fix validation issues in cpl_zipOpenNewFileInZip3() (CVE…
…-2023-45853) (#833) automerged PR by conda-forge/automerge-action
- Loading branch information
Showing
2 changed files
with
39 additions
and
1 deletion.
There are no files selected for viewing
36 changes: 36 additions & 0 deletions
36
recipe/0001-cpl_zipOpenNewFileInZip3-validate-length-of-filename.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
From 725070cc38cd47d870bc1ed394b9275013aab79e Mon Sep 17 00:00:00 2001 | ||
From: Even Rouault <[email protected]> | ||
Date: Fri, 3 Nov 2023 16:41:11 +0100 | ||
Subject: [PATCH] cpl_zipOpenNewFileInZip3(): validate length of filename, | ||
comment and extrafields (CVE-2023-45853) | ||
|
||
Backport of https://github.com/madler/zlib/pull/843 | ||
--- | ||
port/cpl_minizip_zip.cpp | 11 +++++++++++ | ||
1 file changed, 11 insertions(+) | ||
|
||
diff --git a/port/cpl_minizip_zip.cpp b/port/cpl_minizip_zip.cpp | ||
index 52ba371a2a..6fa4e324f0 100644 | ||
--- a/port/cpl_minizip_zip.cpp | ||
+++ b/port/cpl_minizip_zip.cpp | ||
@@ -1134,6 +1134,17 @@ extern int ZEXPORT cpl_zipOpenNewFileInZip3( | ||
if (filename == nullptr) | ||
filename = "-"; | ||
|
||
+ // The filename and comment length must fit in 16 bits. | ||
+ if ((filename != nullptr) && (strlen(filename) > 0xffff)) | ||
+ return ZIP_PARAMERROR; | ||
+ if ((comment != nullptr) && (strlen(comment) > 0xffff)) | ||
+ return ZIP_PARAMERROR; | ||
+ // The extra field length must fit in 16 bits. If the member also requires | ||
+ // a Zip64 extra block, that will also need to fit within that 16-bit | ||
+ // length, but that will be checked for later. | ||
+ if ((size_extrafield_local > 0xffff) || (size_extrafield_global > 0xffff)) | ||
+ return ZIP_PARAMERROR; | ||
+ | ||
if (comment == nullptr) | ||
size_comment = 0; | ||
else | ||
-- | ||
2.25.1 | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters