Home Explore Help
Sign In
erkanisik
/
core
mirror of https://github.com/pisilinux/core.git
Watch 1
Star 0
Fork 0
Files Issues 0 Wiki
Branch: master
Branches Tags
core
/
system
/
base
/
unzip
/
files
/
fedora
/
unzip-6.0-COVSCAN-fix-unterminated-string.patch

unzip-6.0-COVSCAN-fix-unterminated-string.patch 4.7 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132 
  1. From 06d1b08aef94984256cad3c5a54cedb10295681f Mon Sep 17 00:00:00 2001
    2. 

  2. From: Jakub Martisko <jamartis@redhat.com>
    3. 

  3. Date: Thu, 8 Nov 2018 09:31:18 +0100
    4. 

  4. Subject: [PATCH] Possible unterminated string fix
    5. 

  5. 

  6. ---
    7. 

  7.  unix/unix.c   |  4 +++-
    8. 

  8.  unix/unxcfg.h |  2 +-
    9. 

  9.  unzip.c       | 12 ++++++++----
    10. 

  10.  zipinfo.c     | 12 ++++++++----
    11. 

  11.  4 files changed, 20 insertions(+), 10 deletions(-)
    12. 

  12. 

  13. diff --git a/unix/unix.c b/unix/unix.c
    14. 

  14. index 59b622d..cd57f80 100644
    15. 

  15. --- a/unix/unix.c
    16. 

  16. +++ b/unix/unix.c
    17. 

  17. @@ -1945,7 +1945,9 @@ void init_conversion_charsets()
    18. 

  18.      	for(i = 0; i < sizeof(dos_charset_map)/sizeof(CHARSET_MAP); i++)
    19. 

  19.      		if(!strcasecmp(local_charset, dos_charset_map[i].local_charset)) {
    20. 

  20.      			strncpy(OEM_CP, dos_charset_map[i].archive_charset,
    21. 

  21. -    					sizeof(OEM_CP));
    22. 

  22. +    					MAX_CP_NAME - 1);
    23. 

  23. +
    24. 

  24. +			OEM_CP[MAX_CP_NAME - 1] = '\0';
    25. 

  25.      			break;
    26. 

  26.      		}
    27. 

  27.      }
    28. 

  28. diff --git a/unix/unxcfg.h b/unix/unxcfg.h
    29. 

  29. index 8729de2..9ee8cfe 100644
    30. 

  30. --- a/unix/unxcfg.h
    31. 

  31. +++ b/unix/unxcfg.h
    32. 

  32. @@ -228,7 +228,7 @@ typedef struct stat z_stat;
    33. 

  33.  /*    and notfirstcall are used by do_wild().                          */
    34. 

  34.  
    35. 

  35.  
    36. 

  36. -#define MAX_CP_NAME 25 
    37. 

  37. +#define MAX_CP_NAME 25 + 1 
    38. 

  38.     
    39. 

  39.  #ifdef SETLOCALE
    40. 

  40.  #  undef SETLOCALE
    41. 

  41. diff --git a/unzip.c b/unzip.c
    42. 

  42. index 2d94a38..a485f2b 100644
    43. 

  43. --- a/unzip.c
    44. 

  44. +++ b/unzip.c
    45. 

  45. @@ -1561,7 +1561,8 @@ int uz_opts(__G__ pargc, pargv)
    46. 

  46.          		                  "error:  a valid character encoding should follow the -I argument"));
    47. 

  47.      	                        return(PK_PARAM); 
    48. 

  48.      						}
    49. 

  49. -    						strncpy(ISO_CP, s, sizeof(ISO_CP));
    50. 

  50. +    						strncpy(ISO_CP, s, MAX_CP_NAME - 1);
    51. 

  51. +                ISO_CP[MAX_CP_NAME - 1] = '\0';
    52. 

  52.      					} else { /* -I charset */
    53. 

  53.      						++argv;
    54. 

  54.      						if(!(--argc > 0 && *argv != NULL && **argv != '-')) {
    55. 

  55. @@ -1570,7 +1571,8 @@ int uz_opts(__G__ pargc, pargv)
    56. 

  56.      	                        return(PK_PARAM); 
    57. 

  57.      						}
    58. 

  58.      						s = *argv;
    59. 

  59. -    						strncpy(ISO_CP, s, sizeof(ISO_CP));
    60. 

  60. +    						strncpy(ISO_CP, s, MAX_CP_NAME - 1);
    61. 

  61. +                ISO_CP[MAX_CP_NAME - 1] = '\0';
    62. 

  62.      					}
    63. 

  63.      					while(*(++s)); /* No params straight after charset name */
    64. 

  64.      				}
    65. 

  65. @@ -1665,7 +1667,8 @@ int uz_opts(__G__ pargc, pargv)
    66. 

  66.          		                  "error:  a valid character encoding should follow the -I argument"));
    67. 

  67.      	                        return(PK_PARAM); 
    68. 

  68.      						}
    69. 

  69. -    						strncpy(OEM_CP, s, sizeof(OEM_CP));
    70. 

  70. +    						strncpy(OEM_CP, s, MAX_CP_NAME - 1);
    71. 

  71. +                OEM_CP[MAX_CP_NAME - 1] = '\0';
    72. 

  72.      					} else { /* -O charset */
    73. 

  73.      						++argv;
    74. 

  74.      						if(!(--argc > 0 && *argv != NULL && **argv != '-')) {
    75. 

  75. @@ -1674,7 +1677,8 @@ int uz_opts(__G__ pargc, pargv)
    76. 

  76.      	                        return(PK_PARAM); 
    77. 

  77.      						}
    78. 

  78.      						s = *argv;
    79. 

  79. -    						strncpy(OEM_CP, s, sizeof(OEM_CP));
    80. 

  80. +    						strncpy(OEM_CP, s, MAX_CP_NAME - 1);
    81. 

  81. +                OEM_CP[MAX_CP_NAME - 1] = '\0';
    82. 

  82.      					}
    83. 

  83.      					while(*(++s)); /* No params straight after charset name */
    84. 

  84.      				}
    85. 

  85. diff --git a/zipinfo.c b/zipinfo.c
    86. 

  86. index accca2a..cb7e08d 100644
    87. 

  87. --- a/zipinfo.c
    88. 

  88. +++ b/zipinfo.c
    89. 

  89. @@ -519,7 +519,8 @@ int zi_opts(__G__ pargc, pargv)
    90. 

  90.          		                  "error:  a valid character encoding should follow the -I argument"));
    91. 

  91.      	                        return(PK_PARAM); 
    92. 

  92.      						}
    93. 

  93. -    						strncpy(ISO_CP, s, sizeof(ISO_CP));
    94. 

  94. +    						strncpy(ISO_CP, s, MAX_CP_NAME - 1);
    95. 

  95. +                ISO_CP[MAX_CP_NAME - 1] = '\0';
    96. 

  96.      					} else { /* -I charset */
    97. 

  97.      						++argv;
    98. 

  98.      						if(!(--argc > 0 && *argv != NULL && **argv != '-')) {
    99. 

  99. @@ -528,7 +529,8 @@ int zi_opts(__G__ pargc, pargv)
    100. 

  100.      	                        return(PK_PARAM); 
    101. 

  101.      						}
    102. 

  102.      						s = *argv;
    103. 

  103. -    						strncpy(ISO_CP, s, sizeof(ISO_CP));
    104. 

  104. +    						strncpy(ISO_CP, s, MAX_CP_NAME - 1);
    105. 

  105. +                ISO_CP[MAX_CP_NAME - 1] = '\0';
    106. 

  106.      					}
    107. 

  107.      					while(*(++s)); /* No params straight after charset name */
    108. 

  108.      				}
    109. 

  109. @@ -568,7 +570,8 @@ int zi_opts(__G__ pargc, pargv)
    110. 

  110.          		                  "error:  a valid character encoding should follow the -I argument"));
    111. 

  111.      	                        return(PK_PARAM); 
    112. 

  112.      						}
    113. 

  113. -    						strncpy(OEM_CP, s, sizeof(OEM_CP));
    114. 

  114. +    						strncpy(OEM_CP, s, MAX_CP_NAME - 1);
    115. 

  115. +                OEM_CP[MAX_CP_NAME - 1] = '\0';
    116. 

  116.      					} else { /* -O charset */
    117. 

  117.      						++argv;
    118. 

  118.      						if(!(--argc > 0 && *argv != NULL && **argv != '-')) {
    119. 

  119. @@ -577,7 +580,8 @@ int zi_opts(__G__ pargc, pargv)
    120. 

  120.      	                        return(PK_PARAM); 
    121. 

  121.      						}
    122. 

  122.      						s = *argv;
    123. 

  123. -    						strncpy(OEM_CP, s, sizeof(OEM_CP));
    124. 

  124. +    						strncpy(OEM_CP, s, MAX_CP_NAME - 1);
    125. 

  125. +                OEM_CP[MAX_CP_NAME - 1] = '\0';
    126. 

  126.      					}
    127. 

  127.      					while(*(++s)); /* No params straight after charset name */
    128. 

  128.      				}
    129. 

  129. -- 
    130. 

  130. 2.14.5
    131. 

  131. 

  132.