svn commit: r450768 - in head/archivers/libzip: . files

Raphael Kubo da Costa rakuco at FreeBSD.org
Wed Sep 27 16:52:21 UTC 2017 

Author: rakuco
Date: Wed Sep 27 16:52:20 2017
New Revision: 450768
URL: https://svnweb.freebsd.org/changeset/ports/450768

Log:
  Add a patch for CVE-2017-14107.
  
  This is a minor security vulnerability that can lead to a denial of service
  issue in libzip when a specially crafted archive is used.
  
  PR:		222638
  Security:	b2952517-07e5-4d19-8850-21c5b7e0623f
  Security:	CVE-2017-14107

Added:
  head/archivers/libzip/files/patch-CVE-2017-14107   (contents, props changed)
Modified:
  head/archivers/libzip/Makefile

Modified: head/archivers/libzip/Makefile
==============================================================================
--- head/archivers/libzip/Makefile	Wed Sep 27 16:50:21 2017	(r450767)
+++ head/archivers/libzip/Makefile	Wed Sep 27 16:52:20 2017	(r450768)
@@ -3,6 +3,7 @@
 
 PORTNAME=	libzip
 PORTVERSION=	1.1.3
+PORTREVISION=	1
 CATEGORIES=	archivers devel
 MASTER_SITES=	http://www.nih.at/libzip/
 

Added: head/archivers/libzip/files/patch-CVE-2017-14107
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/archivers/libzip/files/patch-CVE-2017-14107	Wed Sep 27 16:52:20 2017	(r450768)
@@ -0,0 +1,27 @@
+From 9b46957ec98d85a572e9ef98301247f39338a3b5 Mon Sep 17 00:00:00 2001
+From: Thomas Klausner <tk at giga.or.at>
+Date: Tue, 29 Aug 2017 10:25:03 +0200
+Subject: [PATCH] Make eocd checks more consistent between zip and zip64 cases.
+
+---
+ lib/zip_open.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/lib/zip_open.c b/lib/zip_open.c
+index 3bd593b..9d3a4cb 100644
+--- lib/zip_open.c
++++ lib/zip_open.c
+@@ -847,7 +847,12 @@ _zip_read_eocd64(zip_source_t *src, zip_buffer_t *buffer, zip_uint64_t buf_offse
+         zip_error_set(error, ZIP_ER_SEEK, EFBIG);
+         return NULL;
+     }
+-    if ((flags & ZIP_CHECKCONS) && offset+size != eocd_offset) {
++    if (offset+size > buf_offset + eocd_offset) {
++	/* cdir spans past EOCD record */
++	zip_error_set(error, ZIP_ER_INCONS, 0);
++	return NULL;
++    }
++    if ((flags & ZIP_CHECKCONS) && offset+size != buf_offset + eocd_offset) {
+ 	zip_error_set(error, ZIP_ER_INCONS, 0);
+ 	return NULL;
+     }

More information about the svn-ports-all mailing list