+++ /dev/null
-From 9411bde3e4a70a81ff3ffd256b71927b2d90dcbb Mon Sep 17 00:00:00 2001
-From: jmoellers <josef.moellers@suse.com>
-Date: Fri, 7 Sep 2018 11:32:04 +0200
-Subject: [PATCH] Avoid memory leak from __zzip_parse_root_directory().
-
-[Retrieved (and slightly updated to remove test.zip) from:
-https://github.com/gdraheim/zziplib/commit/9411bde3e4a70a81ff3ffd256b71927b2d90dcbb]
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
----
- test/test.zip | Bin 1361 -> 1361 bytes
- zzip/zip.c | 36 ++++++++++++++++++++++++++++++++++--
- 2 files changed, 34 insertions(+), 2 deletions(-)
-
-diff --git a/zzip/zip.c b/zzip/zip.c
-index 88b833b..a685280 100644
---- a/zzip/zip.c
-+++ b/zzip/zip.c
-@@ -475,9 +475,15 @@ __zzip_parse_root_directory(int fd,
- } else
- {
- if (io->fd.seeks(fd, zz_rootseek + zz_offset, SEEK_SET) < 0)
-+ {
-+ free(hdr0);
- return ZZIP_DIR_SEEK;
-+ }
- if (io->fd.read(fd, &dirent, sizeof(dirent)) < __sizeof(dirent))
-+ {
-+ free(hdr0);
- return ZZIP_DIR_READ;
-+ }
- d = &dirent;
- }
-
-@@ -577,12 +583,38 @@ __zzip_parse_root_directory(int fd,
-
- if (hdr_return)
- *hdr_return = hdr0;
-+ else
-+ {
-+ /* If it is not assigned to *hdr_return, it will never be free()'d */
-+ free(hdr0);
-+ /* Make sure we don't free it again in case of error */
-+ hdr0 = NULL;
-+ }
- } /* else zero (sane) entries */
- # ifndef ZZIP_ALLOW_MODULO_ENTRIES
-- return (entries != zz_entries ? ZZIP_CORRUPTED : 0);
-+ if (entries != zz_entries)
-+ {
-+ /* If it was assigned to *hdr_return, undo assignment */
-+ if (p_reclen && hdr_return)
-+ *hdr_return = NULL;
-+ /* Free it, if it was not already free()'d */
-+ if (hdr0 != NULL)
-+ free(hdr0);
-+ return ZZIP_CORRUPTED;
-+ }
- # else
-- return ((entries & (unsigned)0xFFFF) != zz_entries ? ZZIP_CORRUPTED : 0);
-+ if (((entries & (unsigned)0xFFFF) != zz_entries)
-+ {
-+ /* If it was assigned to *hdr_return, undo assignment */
-+ if (p_reclen && hdr_return)
-+ *hdr_return = NULL;
-+ /* Free it, if it was not already free()'d */
-+ if (hdr0 != NULL)
-+ free(hdr0);
-+ return ZZIP_CORRUPTED;
-+ }
- # endif
-+ return 0;
- }
-
- /* ------------------------- high-level interface ------------------------- */
+++ /dev/null
-From 81dfa6b3e08f6934885ba5c98939587d6850d08e Mon Sep 17 00:00:00 2001
-From: Josef Moellers <jmoellers@suse.de>
-Date: Thu, 4 Oct 2018 14:21:48 +0200
-Subject: [PATCH] Fix issue #62: Remove any "../" components from pathnames of
- extracted files. [CVE-2018-17828]
-
-[Retrieved from:
-https://github.com/gdraheim/zziplib/commit/81dfa6b3e08f6934885ba5c98939587d6850d08e]
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
----
- bins/unzzipcat-big.c | 57 +++++++++++++++++++++++++++++++++++++++++++-
- bins/unzzipcat-mem.c | 57 +++++++++++++++++++++++++++++++++++++++++++-
- bins/unzzipcat-mix.c | 57 +++++++++++++++++++++++++++++++++++++++++++-
- bins/unzzipcat-zip.c | 57 +++++++++++++++++++++++++++++++++++++++++++-
- 4 files changed, 224 insertions(+), 4 deletions(-)
-
-diff --git a/bins/unzzipcat-big.c b/bins/unzzipcat-big.c
-index 982d262..88c4d65 100644
---- a/bins/unzzipcat-big.c
-+++ b/bins/unzzipcat-big.c
-@@ -53,6 +53,48 @@ static void unzzip_cat_file(FILE* disk, char* name, FILE* out)
- }
- }
-
-+/*
-+ * NAME: remove_dotdotslash
-+ * PURPOSE: To remove any "../" components from the given pathname
-+ * ARGUMENTS: path: path name with maybe "../" components
-+ * RETURNS: Nothing, "path" is modified in-place
-+ * NOTE: removing "../" from the path ALWAYS shortens the path, never adds to it!
-+ * Also, "path" is not used after creating it.
-+ * So modifying "path" in-place is safe to do.
-+ */
-+static inline void
-+remove_dotdotslash(char *path)
-+{
-+ /* Note: removing "../" from the path ALWAYS shortens the path, never adds to it! */
-+ char *dotdotslash;
-+ int warned = 0;
-+
-+ dotdotslash = path;
-+ while ((dotdotslash = strstr(dotdotslash, "../")) != NULL)
-+ {
-+ /*
-+ * Remove only if at the beginning of the pathname ("../path/name")
-+ * or when preceded by a slash ("path/../name"),
-+ * otherwise not ("path../name..")!
-+ */
-+ if (dotdotslash == path || dotdotslash[-1] == '/')
-+ {
-+ char *src, *dst;
-+ if (!warned)
-+ {
-+ /* Note: the first time through the pathname is still intact */
-+ fprintf(stderr, "Removing \"../\" path component(s) in %s\n", path);
-+ warned = 1;
-+ }
-+ /* We cannot use strcpy(), as there "The strings may not overlap" */
-+ for (src = dotdotslash+3, dst=dotdotslash; (*dst = *src) != '\0'; src++, dst++)
-+ ;
-+ }
-+ else
-+ dotdotslash +=3; /* skip this instance to prevent infinite loop */
-+ }
-+}
-+
- static void makedirs(const char* name)
- {
- char* p = strrchr(name, '/');
-@@ -70,6 +112,16 @@ static void makedirs(const char* name)
-
- static FILE* create_fopen(char* name, char* mode, int subdirs)
- {
-+ char *name_stripped;
-+ FILE *fp;
-+ int mustfree = 0;
-+
-+ if ((name_stripped = strdup(name)) != NULL)
-+ {
-+ remove_dotdotslash(name_stripped);
-+ name = name_stripped;
-+ mustfree = 1;
-+ }
- if (subdirs)
- {
- char* p = strrchr(name, '/');
-@@ -79,7 +131,10 @@ static FILE* create_fopen(char* name, char* mode, int subdirs)
- free (dir_name);
- }
- }
-- return fopen(name, mode);
-+ fp = fopen(name, mode);
-+ if (mustfree)
-+ free(name_stripped);
-+ return fp;
- }
-
-
-diff --git a/bins/unzzipcat-mem.c b/bins/unzzipcat-mem.c
-index 9bc966b..793bde8 100644
---- a/bins/unzzipcat-mem.c
-+++ b/bins/unzzipcat-mem.c
-@@ -58,6 +58,48 @@ static void unzzip_mem_disk_cat_file(ZZIP_MEM_DISK* disk, char* name, FILE* out)
- }
- }
-
-+/*
-+ * NAME: remove_dotdotslash
-+ * PURPOSE: To remove any "../" components from the given pathname
-+ * ARGUMENTS: path: path name with maybe "../" components
-+ * RETURNS: Nothing, "path" is modified in-place
-+ * NOTE: removing "../" from the path ALWAYS shortens the path, never adds to it!
-+ * Also, "path" is not used after creating it.
-+ * So modifying "path" in-place is safe to do.
-+ */
-+static inline void
-+remove_dotdotslash(char *path)
-+{
-+ /* Note: removing "../" from the path ALWAYS shortens the path, never adds to it! */
-+ char *dotdotslash;
-+ int warned = 0;
-+
-+ dotdotslash = path;
-+ while ((dotdotslash = strstr(dotdotslash, "../")) != NULL)
-+ {
-+ /*
-+ * Remove only if at the beginning of the pathname ("../path/name")
-+ * or when preceded by a slash ("path/../name"),
-+ * otherwise not ("path../name..")!
-+ */
-+ if (dotdotslash == path || dotdotslash[-1] == '/')
-+ {
-+ char *src, *dst;
-+ if (!warned)
-+ {
-+ /* Note: the first time through the pathname is still intact */
-+ fprintf(stderr, "Removing \"../\" path component(s) in %s\n", path);
-+ warned = 1;
-+ }
-+ /* We cannot use strcpy(), as there "The strings may not overlap" */
-+ for (src = dotdotslash+3, dst=dotdotslash; (*dst = *src) != '\0'; src++, dst++)
-+ ;
-+ }
-+ else
-+ dotdotslash +=3; /* skip this instance to prevent infinite loop */
-+ }
-+}
-+
- static void makedirs(const char* name)
- {
- char* p = strrchr(name, '/');
-@@ -75,6 +117,16 @@ static void makedirs(const char* name)
-
- static FILE* create_fopen(char* name, char* mode, int subdirs)
- {
-+ char *name_stripped;
-+ FILE *fp;
-+ int mustfree = 0;
-+
-+ if ((name_stripped = strdup(name)) != NULL)
-+ {
-+ remove_dotdotslash(name_stripped);
-+ name = name_stripped;
-+ mustfree = 1;
-+ }
- if (subdirs)
- {
- char* p = strrchr(name, '/');
-@@ -84,7 +136,10 @@ static FILE* create_fopen(char* name, char* mode, int subdirs)
- free (dir_name);
- }
- }
-- return fopen(name, mode);
-+ fp = fopen(name, mode);
-+ if (mustfree)
-+ free(name_stripped);
-+ return fp;
- }
-
- static int unzzip_cat (int argc, char ** argv, int extract)
-diff --git a/bins/unzzipcat-mix.c b/bins/unzzipcat-mix.c
-index 91c2f00..73b6ed6 100644
---- a/bins/unzzipcat-mix.c
-+++ b/bins/unzzipcat-mix.c
-@@ -69,6 +69,48 @@ static void unzzip_cat_file(ZZIP_DIR* disk, char* name, FILE* out)
- }
- }
-
-+/*
-+ * NAME: remove_dotdotslash
-+ * PURPOSE: To remove any "../" components from the given pathname
-+ * ARGUMENTS: path: path name with maybe "../" components
-+ * RETURNS: Nothing, "path" is modified in-place
-+ * NOTE: removing "../" from the path ALWAYS shortens the path, never adds to it!
-+ * Also, "path" is not used after creating it.
-+ * So modifying "path" in-place is safe to do.
-+ */
-+static inline void
-+remove_dotdotslash(char *path)
-+{
-+ /* Note: removing "../" from the path ALWAYS shortens the path, never adds to it! */
-+ char *dotdotslash;
-+ int warned = 0;
-+
-+ dotdotslash = path;
-+ while ((dotdotslash = strstr(dotdotslash, "../")) != NULL)
-+ {
-+ /*
-+ * Remove only if at the beginning of the pathname ("../path/name")
-+ * or when preceded by a slash ("path/../name"),
-+ * otherwise not ("path../name..")!
-+ */
-+ if (dotdotslash == path || dotdotslash[-1] == '/')
-+ {
-+ char *src, *dst;
-+ if (!warned)
-+ {
-+ /* Note: the first time through the pathname is still intact */
-+ fprintf(stderr, "Removing \"../\" path component(s) in %s\n", path);
-+ warned = 1;
-+ }
-+ /* We cannot use strcpy(), as there "The strings may not overlap" */
-+ for (src = dotdotslash+3, dst=dotdotslash; (*dst = *src) != '\0'; src++, dst++)
-+ ;
-+ }
-+ else
-+ dotdotslash +=3; /* skip this instance to prevent infinite loop */
-+ }
-+}
-+
- static void makedirs(const char* name)
- {
- char* p = strrchr(name, '/');
-@@ -86,6 +128,16 @@ static void makedirs(const char* name)
-
- static FILE* create_fopen(char* name, char* mode, int subdirs)
- {
-+ char *name_stripped;
-+ FILE *fp;
-+ int mustfree = 0;
-+
-+ if ((name_stripped = strdup(name)) != NULL)
-+ {
-+ remove_dotdotslash(name_stripped);
-+ name = name_stripped;
-+ mustfree = 1;
-+ }
- if (subdirs)
- {
- char* p = strrchr(name, '/');
-@@ -95,7 +147,10 @@ static FILE* create_fopen(char* name, char* mode, int subdirs)
- free (dir_name);
- }
- }
-- return fopen(name, mode);
-+ fp = fopen(name, mode);
-+ if (mustfree)
-+ free(name_stripped);
-+ return fp;
- }
-
- static int unzzip_cat (int argc, char ** argv, int extract)
-diff --git a/bins/unzzipcat-zip.c b/bins/unzzipcat-zip.c
-index 2810f85..7f7f3fa 100644
---- a/bins/unzzipcat-zip.c
-+++ b/bins/unzzipcat-zip.c
-@@ -69,6 +69,48 @@ static void unzzip_cat_file(ZZIP_DIR* disk, char* name, FILE* out)
- }
- }
-
-+/*
-+ * NAME: remove_dotdotslash
-+ * PURPOSE: To remove any "../" components from the given pathname
-+ * ARGUMENTS: path: path name with maybe "../" components
-+ * RETURNS: Nothing, "path" is modified in-place
-+ * NOTE: removing "../" from the path ALWAYS shortens the path, never adds to it!
-+ * Also, "path" is not used after creating it.
-+ * So modifying "path" in-place is safe to do.
-+ */
-+static inline void
-+remove_dotdotslash(char *path)
-+{
-+ /* Note: removing "../" from the path ALWAYS shortens the path, never adds to it! */
-+ char *dotdotslash;
-+ int warned = 0;
-+
-+ dotdotslash = path;
-+ while ((dotdotslash = strstr(dotdotslash, "../")) != NULL)
-+ {
-+ /*
-+ * Remove only if at the beginning of the pathname ("../path/name")
-+ * or when preceded by a slash ("path/../name"),
-+ * otherwise not ("path../name..")!
-+ */
-+ if (dotdotslash == path || dotdotslash[-1] == '/')
-+ {
-+ char *src, *dst;
-+ if (!warned)
-+ {
-+ /* Note: the first time through the pathname is still intact */
-+ fprintf(stderr, "Removing \"../\" path component(s) in %s\n", path);
-+ warned = 1;
-+ }
-+ /* We cannot use strcpy(), as there "The strings may not overlap" */
-+ for (src = dotdotslash+3, dst=dotdotslash; (*dst = *src) != '\0'; src++, dst++)
-+ ;
-+ }
-+ else
-+ dotdotslash +=3; /* skip this instance to prevent infinite loop */
-+ }
-+}
-+
- static void makedirs(const char* name)
- {
- char* p = strrchr(name, '/');
-@@ -86,6 +128,16 @@ static void makedirs(const char* name)
-
- static FILE* create_fopen(char* name, char* mode, int subdirs)
- {
-+ char *name_stripped;
-+ FILE *fp;
-+ int mustfree = 0;
-+
-+ if ((name_stripped = strdup(name)) != NULL)
-+ {
-+ remove_dotdotslash(name_stripped);
-+ name = name_stripped;
-+ mustfree = 1;
-+ }
- if (subdirs)
- {
- char* p = strrchr(name, '/');
-@@ -95,7 +147,10 @@ static FILE* create_fopen(char* name, char* mode, int subdirs)
- free (dir_name);
- }
- }
-- return fopen(name, mode);
-+ fp = fopen(name, mode);
-+ if (mustfree)
-+ free(name_stripped);
-+ return fp;
- }
-
- static int unzzip_cat (int argc, char ** argv, int extract)
projects / buildroot.git / commitdiff