Date:      Tue, 17 Feb 2015 21:58:40 +0000 (UTC)
From:      Xin LI <delphij@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r379192 - in head/archivers/unzip: . files
Message-ID:  <201502172158.t1HLwe7N060649@svn.freebsd.org>

Author: delphij
Date: Tue Feb 17 21:58:40 2015
New Revision: 379192
URL: https://svnweb.freebsd.org/changeset/ports/379192
QAT: https://qat.redports.org/buildarchive/r379192/

Log:
  Apply fix for CVE-2015-1315 from Marc Deslauriers
  <marc.deslauriers@canonical.com>.
  
  MFH:		2015Q1
  Approved by:	so

Modified:
  head/archivers/unzip/Makefile
  head/archivers/unzip/files/extra-iconv-patch-unix_unix.c

Modified: head/archivers/unzip/Makefile
==============================================================================
--- head/archivers/unzip/Makefile	Tue Feb 17 21:32:56 2015	(r379191)
+++ head/archivers/unzip/Makefile	Tue Feb 17 21:58:40 2015	(r379192)
@@ -3,7 +3,7 @@
 
 PORTNAME=	unzip
 PORTVERSION=	6.0
-PORTREVISION=	4
+PORTREVISION=	5
 CATEGORIES=	archivers
 MASTER_SITES=	SF/infozip/UnZip%206.x%20%28latest%29/UnZip%20${PORTVERSION}/:main \
 		SF/infozip/UnZip%205.x%20and%20earlier/5.51/:unreduce

Modified: head/archivers/unzip/files/extra-iconv-patch-unix_unix.c
==============================================================================
--- head/archivers/unzip/files/extra-iconv-patch-unix_unix.c	Tue Feb 17 21:32:56 2015	(r379191)
+++ head/archivers/unzip/files/extra-iconv-patch-unix_unix.c	Tue Feb 17 21:58:40 2015	(r379192)
@@ -76,15 +76,27 @@
 +
 +    slen = strlen(string);
 +    s = string;
-+    dlen = buflen = 2*slen;
-+    d = buf = malloc(buflen + 1);
++
++    /*  Make sure OUTBUFSIZ + 1 never ends up smaller than FILNAMSIZ
++     *  as this function also gets called with G.outbuf in fileio.c
++     */
++    buflen = FILNAMSIZ;
++    if (OUTBUFSIZ + 1 < FILNAMSIZ)
++    {
++        buflen = OUTBUFSIZ + 1;
++    }
++
++    d = buf = malloc(buflen);
 +    if(!d)
 +    	goto cleanup;
++
 +    bzero(buf,buflen);
++    dlen = buflen - 1;
++
 +    if(iconv(cd, &s, &slen, &d, &dlen) == (size_t)-1)
 +    	goto cleanup;
 +    strncpy(string, buf, buflen);
-+    
++
 +    cleanup:
 +    free(buf);
 +    iconv_close(cd);
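Review bot: the destination size is still implicit at `strncpy(string, buf, buflen);`. Because strncpy NUL-pads short sources, that call always writes exactly `buflen` bytes into `string`, so the copy is only safe if every caller's buffer holds at least the smaller of FILNAMSIZ and OUTBUFSIZ + 1 bytes. The function has no way to check this. Consider taking the destination size as a parameter and bounding both the `malloc(buflen)` and the copy by it. The new comment should also be reworded: it reads as if something enforces a relation between OUTBUFSIZ + 1 and FILNAMSIZ, while the code simply picks the smaller of the two. Finally, when iconv returns (size_t)-1, which now includes converted output that does not fit in `dlen`, the `goto cleanup` leaves `string` unconverted with no indication to the caller; a short comment stating that this fallback is intended would help.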


