Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 17 Feb 2015 22:04:27 +0000 (UTC)
From:      Xin LI <delphij@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject:   svn commit: r379194 - in branches/2015Q1/archivers/unzip: . files
Message-ID:  <201502172204.t1HM4Re1065227@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: delphij
Date: Tue Feb 17 22:04:26 2015
New Revision: 379194
URL: https://svnweb.freebsd.org/changeset/ports/379194
QAT: https://qat.redports.org/buildarchive/r379194/

Log:
  MFH: r379192
  
  Apply fix for CVE-2015-1315 from Marc Deslauriers
  <marc.deslauriers@canonical.com>.
  
  Approved by:	ports-secteam

Modified:
  branches/2015Q1/archivers/unzip/Makefile
  branches/2015Q1/archivers/unzip/files/extra-iconv-patch-unix_unix.c
Directory Properties:
  branches/2015Q1/   (props changed)

Modified: branches/2015Q1/archivers/unzip/Makefile
==============================================================================
--- branches/2015Q1/archivers/unzip/Makefile	Tue Feb 17 22:03:32 2015	(r379193)
+++ branches/2015Q1/archivers/unzip/Makefile	Tue Feb 17 22:04:26 2015	(r379194)
@@ -3,7 +3,7 @@
 
 PORTNAME=	unzip
 PORTVERSION=	6.0
-PORTREVISION=	4
+PORTREVISION=	5
 CATEGORIES=	archivers
 MASTER_SITES=	SF/infozip/UnZip%206.x%20%28latest%29/UnZip%20${PORTVERSION}/:main \
 		SF/infozip/UnZip%205.x%20and%20earlier/5.51/:unreduce

Modified: branches/2015Q1/archivers/unzip/files/extra-iconv-patch-unix_unix.c
==============================================================================
--- branches/2015Q1/archivers/unzip/files/extra-iconv-patch-unix_unix.c	Tue Feb 17 22:03:32 2015	(r379193)
+++ branches/2015Q1/archivers/unzip/files/extra-iconv-patch-unix_unix.c	Tue Feb 17 22:04:26 2015	(r379194)
@@ -76,15 +76,27 @@
 +
 +    slen = strlen(string);
 +    s = string;
-+    dlen = buflen = 2*slen;
-+    d = buf = malloc(buflen + 1);
++
++    /*  Make sure OUTBUFSIZ + 1 never ends up smaller than FILNAMSIZ
++     *  as this function also gets called with G.outbuf in fileio.c
++     */
++    buflen = FILNAMSIZ;
++    if (OUTBUFSIZ + 1 < FILNAMSIZ)
++    {
++        buflen = OUTBUFSIZ + 1;
++    }
++
++    d = buf = malloc(buflen);
 +    if(!d)
 +    	goto cleanup;
++
 +    bzero(buf,buflen);
++    dlen = buflen - 1;
++
 +    if(iconv(cd, &s, &slen, &d, &dlen) == (size_t)-1)
 +    	goto cleanup;
 +    strncpy(string, buf, buflen);
-+    
++
 +    cleanup:
 +    free(buf);
 +    iconv_close(cd);

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201502172204.t1HM4Re1065227>