unzip: fix CVE-2014-9636 patch

Close #6544, fixes #6543. vcunat: no security impact; just fixes false rejections of some rarer inputs - a problem introduced by the CVE patch.
2015-02-23 23:13:00 +00:00 · 2015-02-23 23:13:00 +00:00 · f43d759bc4
parent c4ff9d10ba
commit f43d759bc4
1 changed files with 5 additions and 4 deletions
--- a/pkgs/tools/archivers/unzip/CVE-2014-9636.diff
+++ b/pkgs/tools/archivers/unzip/CVE-2014-9636.diff
@ -1,6 +1,6 @@
-From a9bfab5b52d08879bbc5e0991684b700127ddcff Mon Sep 17 00:00:00 2001
+From 190040ebfcf5395a6ccedede2cc9343d34f0a108 Mon Sep 17 00:00:00 2001
 From: mancha <mancha1 AT zoho DOT com>
-Date: Mon, 3 Nov 2014
+Date: Wed, 11 Feb 2015
 Subject: Info-ZIP UnZip buffer overflow

 By carefully crafting a corrupt ZIP archive with "extra fields" that
@ -26,12 +26,13 @@ This patch ensures that when extra fields use STORED mode, the
 
     if (compr_offset < 4)                /* field is not compressed: */
         return PK_OK;                    /* do nothing and signal OK */
-@@ -2226,6 +2227,12 @@ static int test_compr_eb(__G__ eb, eb_si
+@@ -2226,6 +2227,13 @@ static int test_compr_eb(__G__ eb, eb_si
          eb_size <= (compr_offset + EB_CMPRHEADLEN)))
         return IZ_EF_TRUNC;               /* no compressed data! */
 
 +    method = makeword(eb + (EB_HEADSIZE + compr_offset));
-+    if ((method == STORED) && (eb_size - compr_offset != eb_ucsize))
+    if ((method == STORED) &&
+        (eb_size - compr_offset - EB_CMPRHEADLEN != eb_ucsize))
 +	return PK_ERR;			  /* compressed & uncompressed
 +					   * should match in STORED
 +					   * method */