openpkg
/
openpkg-packages
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6719 Commits
1 Branch
2 Tags
594 MiB
 
 
 
 
 
 
Tree: 6891e77779
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '6891e77779'
${ noResults }
openpkg-packages/infozip/infozip.patch

98 lines
3.8 KiB
Raw Blame History

--- zip-2.3/unix/configure 1999-04-27 21:49:05.000000000 +0200
+++ zip-2.3/unix/configure 2003-03-06 21:46:09.399540000 +0100
@@ -38,7 +38,7 @@
echo "int foo() { return 0;}" > conftest.c
$CC -c conftest.c >/dev/null 2>/dev/null
echo Check if compiler generates underlines
- nm conftest.o | grep "(^|[^_])foo" >/dev/null 2>/dev/null
+ nm conftest.o | grep "[^_]foo" >/dev/null 2>/dev/null
[ $? -eq 0 ] && CPP="${CPP} -DNO_UNDERLINE"
if eval "$CPP crc_i386.S > _crc_i386.s 2>/dev/null"; then
if eval "$CC -c _crc_i386.s >/dev/null 2>/dev/null" && [ -f _crc_i386.o ]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0282
Directory traversal vulnerability in UnZip 5.50 allows attackers to
overwrite arbitrary files via invalid characters between two . (dot)
characters, which are filtered and result in a ".." sequence.
--- unzip-5.50/unix/unix.c.orig 2002-01-21 17:54:42.000000000 -0500
+++ unzip-5.50/unix/unix.c 2003-06-11 18:35:38.000000000 -0400
@@ -421,7 +421,8 @@
*/
{
char pathcomp[FILNAMSIZ]; /* path-component buffer */
- char *pp, *cp=(char *)NULL; /* character pointers */
+ char *pp, *cp=(char *)NULL, /* character pointers */
+ *dp=(char *)NULL;
char *lastsemi=(char *)NULL; /* pointer to last semi-colon in pathcomp */
#ifdef ACORN_FTYPE_NFS
char *lastcomma=(char *)NULL; /* pointer to last comma in pathcomp */
@@ -429,6 +430,7 @@
#endif
int quote = FALSE; /* flags */
int killed_ddot = FALSE; /* is set when skipping "../" pathcomp */
+ int snarf_ddot = FALSE; /* Is set while scanning for "../" */
int error = MPN_OK;
register unsigned workch; /* hold the character being tested */
@@ -467,6 +469,9 @@
while ((workch = (uch)*cp++) != 0) {
if (quote) { /* if character quoted, */
+ if ((pp == pathcomp) && (workch == '.'))
+ /* Oh no you don't... */
+ goto ddot_hack;
*pp++ = (char)workch; /* include it literally */
quote = FALSE;
} else
@@ -481,15 +486,44 @@
break;
case '.':
- if (pp == pathcomp) { /* nothing appended yet... */
+ if (pp == pathcomp) {
+ddot_hack:
+ /* nothing appended yet... */
if (*cp == '/') { /* don't bother appending "./" to */
++cp; /* the path: skip behind the '/' */
break;
- } else if (!uO.ddotflag && *cp == '.' && cp[1] == '/') {
- /* "../" dir traversal detected */
- cp += 2; /* skip over behind the '/' */
- killed_ddot = TRUE; /* set "show message" flag */
- break;
+ } else if (!uO.ddotflag) {
+
+ /*
+ * SECURITY: Skip past control characters if the user
+ * didn't OK use of absolute pathnames. lhh - this is
+ * a very quick, ugly, inefficient fix.
+ */
+ dp = cp;
+ do {
+ workch = (uch)(*dp);
+ if (workch == '/' && snarf_ddot) {
+ /* "../" dir traversal detected */
+ cp = dp + 1; /* skip past the '/' */
+ killed_ddot = TRUE; /* set "show msg" flag */
+ break;
+ } else if (workch == '.' && !snarf_ddot) {
+ snarf_ddot = TRUE;
+ } else if (isprint(workch) ||
+ ((workch > 127) && (workch <= 254))) {
+ /*
+ * Since we found a printable, non-ctrl char,
+ * we can stop looking for '../', the amount
+ * in ../!
+ */
+ break;
+ }
+
+ dp++;
+ } while (*dp != 0);
+
+ if (killed_ddot)
+ break;
}
}
*pp++ = '.';