Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 18 Oct 2021 11:18:16 GMT
From:      Yoshihiro Takahashi <nyan@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: 94c3735b74f7 - stable/12 - unzip: Fix segmentation fault if a zip file contains buggy filename.
Message-ID:  <202110181118.19IBIGPX039706@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
The branch stable/12 has been updated by nyan:

URL: https://cgit.FreeBSD.org/src/commit/?id=94c3735b74f796a8b271091a8ebc276021345d79

commit 94c3735b74f796a8b271091a8ebc276021345d79
Author:     Yoshihiro Takahashi <nyan@FreeBSD.org>
AuthorDate: 2021-10-10 11:49:19 +0000
Commit:     Yoshihiro Takahashi <nyan@FreeBSD.org>
CommitDate: 2021-10-18 11:17:27 +0000

    unzip: Fix segmentation fault if a zip file contains buggy filename.
    
    PR:             259011
    Reported by:    Robert Morris
    Submitted by:   ak
    
    (cherry picked from commit 2c614481fd5248c1685e713f67d40cf2d5fba494)
---
 usr.bin/unzip/unzip.c | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/usr.bin/unzip/unzip.c b/usr.bin/unzip/unzip.c
index e5ca1ff2c939..0b564b0f08ec 100644
--- a/usr.bin/unzip/unzip.c
+++ b/usr.bin/unzip/unzip.c
@@ -211,6 +211,9 @@ pathdup(const char *path)
 	char *str;
 	size_t i, len;
 
+	if (path == NULL || path[0] == '\0')
+		return (NULL);
+
 	len = strlen(path);
 	while (len && path[len - 1] == '/')
 		len--;
@@ -697,7 +700,11 @@ extract(struct archive *a, struct archive_entry *e)
 	mode_t filetype;
 	char *p, *q;
 
-	pathname = pathdup(archive_entry_pathname(e));
+	if ((pathname = pathdup(archive_entry_pathname(e))) == NULL) {
+		warningx("skipping empty or unreadable filename entry");
+		ac(archive_read_data_skip(a));
+		return;
+	}
 	filetype = archive_entry_filetype(e);
 
 	/* sanity checks */
@@ -760,7 +767,11 @@ extract_stdout(struct archive *a, struct archive_entry *e)
 	char *pathname;
 	mode_t filetype;
 
-	pathname = pathdup(archive_entry_pathname(e));
+	if ((pathname = pathdup(archive_entry_pathname(e))) == NULL) {
+		warningx("skipping empty or unreadable filename entry");
+		ac(archive_read_data_skip(a));
+		return;
+	}
 	filetype = archive_entry_filetype(e);
 
 	/* I don't think this can happen in a zipfile.. */

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202110181118.19IBIGPX039706>