!24 fix CVE-2020-18770

From: @licihua Reviewed-by: @overweight Signed-off-by: @overweight
2023-09-28 01:15:17 +00:00 · 2023-09-28 01:15:17 +00:00 · aca266462a
commit aca266462a
parent 95ef717c79 0cd19f9aeb
2 changed files with 39 additions and 1 deletions
--- a/backport-CVE-2020-18770.patch
+++ b/backport-CVE-2020-18770.patch
@ -0,0 +1,33 @@
 From 99462cac1c6581bce36fe17fd1f430cbe114f0af Mon Sep 17 00:00:00 2001
 From: Valentin Lefebvre <valentin.lefebvre@suse.com>
 Date: Wed, 20 Sep 2023 12:04:56 +0200
 Subject: [PATCH] mmappend.c: pre-check header trailer magic
 * Avoid potential ASAN:SIGSEGV invalid memory access by pre-check the header
  trailer magic.
 * CVE-2020-18770
 Signed-off-by: Valentin Lefebvre <valentin.lefebvre@suse.com>
 ---
 zzip/mmapped.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
 diff --git a/zzip/mmapped.c b/zzip/mmapped.c
 index 8af18f4..49990e6 100644
 --- a/zzip/mmapped.c
 +++ b/zzip/mmapped.c
@@ -269,7 +269,9 @@ zzip_disk_entry_to_file_header(ZZIP_DISK * disk, struct zzip_disk_entry *entry)
         return 0;
     }
     ___  struct zzip_file_header *file_header = (void *) ptr;
 -    if (zzip_file_header_get_magic(file_header) != ZZIP_FILE_HEADER_MAGIC)
 +    if (file_header != 'P' || /* quick pre-check for trailer magic */
 +        zzip_file_header_get_magic(file_header) != ZZIP_FILE_HEADER_MAGIC)
 + 
     {
         errno = EBADMSG;
         return 0;
 -- 
 2.40.1
--- a/zziplib.spec
+++ b/zziplib.spec
@ -4,7 +4,7 @@ sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
 Name:            zziplib
 Version:         0.13.71
-Release:         4
+Release:         5
 Summary:         Lightweight library for zip compression
 License:         LGPLv2+ or MPLv1.1
 URL:             http://zziplib.sourceforge.net
@ -18,6 +18,7 @@ Patch6004:       backport-0005-CVE-2020-18442.patch
 Patch6005:       backport-0006-CVE-2020-18442.patch
 Patch6006:       backport-0007-CVE-2020-18442.patch
 Patch6007:       zziplib-0.13.71-sw.patch
 Patch6008:	 backport-CVE-2020-18770.patch
 BuildRequires:   perl-interpreter  zip xmlto
 BuildRequires:   zlib-devel SDL-devel pkgconfig autoconf automake gcc make
@ -60,6 +61,7 @@ sed -i -e 's:docs ::g' Makefile.am
 %patch6005 -p1
 %patch6006 -p1
 %patch6007 -p1
 %patch6008 -p1
 %build
 %configure --disable-static --enable-sdl --enable-frame-pointer --enable-builddir=_builddir
@ -93,6 +95,9 @@ find %{buildroot} -type f -name "*.la" -delete -print
 %{_mandir}/man3/*
 %changelog
 * Wed Sep 27 2023 licihua <licihua@huawei.com> - 0.13.71-5
 - fix CVE-2020-18770
 * Wed Oct 26 2022 wuzx<wuzx1226@qq.com> - 0.13.71-4
 - Add sw64 architecture