From 4f54b38ba9c5d38183b4303d7bc9bf54eb5c285f Mon Sep 17 00:00:00 2001 From: Raphael Kubo da Costa Date: Wed, 27 Sep 2017 16:53:51 +0000 Subject: MFH: r450768 Add a patch for CVE-2017-14107. This is a minor security vulnerability that can lead to a denial of service issue in libzip when a specially crafted archive is used. PR: 222638 Security: b2952517-07e5-4d19-8850-21c5b7e0623f Security: CVE-2017-14107 Approved by: ports-secteam (blanket approval) --- archivers/libzip/Makefile | 1 + archivers/libzip/files/patch-CVE-2017-14107 | 27 +++++++++++++++++++++++++++ 2 files changed, 28 insertions(+) create mode 100644 archivers/libzip/files/patch-CVE-2017-14107 diff --git a/archivers/libzip/Makefile b/archivers/libzip/Makefile index 5cdd3dec4715..959d0213bf3f 100644 --- a/archivers/libzip/Makefile +++ b/archivers/libzip/Makefile @@ -3,6 +3,7 @@ PORTNAME= libzip PORTVERSION= 1.1.3 +PORTREVISION= 1 CATEGORIES= archivers devel MASTER_SITES= http://www.nih.at/libzip/ diff --git a/archivers/libzip/files/patch-CVE-2017-14107 b/archivers/libzip/files/patch-CVE-2017-14107 new file mode 100644 index 000000000000..510d5ff444e8 --- /dev/null +++ b/archivers/libzip/files/patch-CVE-2017-14107 @@ -0,0 +1,27 @@ +From 9b46957ec98d85a572e9ef98301247f39338a3b5 Mon Sep 17 00:00:00 2001 +From: Thomas Klausner +Date: Tue, 29 Aug 2017 10:25:03 +0200 +Subject: [PATCH] Make eocd checks more consistent between zip and zip64 cases. + +--- + lib/zip_open.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/lib/zip_open.c b/lib/zip_open.c +index 3bd593b..9d3a4cb 100644 +--- lib/zip_open.c ++++ lib/zip_open.c +@@ -847,7 +847,12 @@ _zip_read_eocd64(zip_source_t *src, zip_buffer_t *buffer, zip_uint64_t buf_offse + zip_error_set(error, ZIP_ER_SEEK, EFBIG); + return NULL; + } +- if ((flags & ZIP_CHECKCONS) && offset+size != eocd_offset) { ++ if (offset+size > buf_offset + eocd_offset) { ++ /* cdir spans past EOCD record */ ++ zip_error_set(error, ZIP_ER_INCONS, 0); ++ return NULL; ++ } ++ if ((flags & ZIP_CHECKCONS) && offset+size != buf_offset + eocd_offset) { + zip_error_set(error, ZIP_ER_INCONS, 0); + return NULL; + } -- cgit v1.2.3