summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2018-09-10 08:55:40 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2018-09-17 16:14:52 +0000
commit4a9037d3446309d42b100f942fa06800c3ffc386 (patch)
tree91484e669c24e423d17dd37359e12046650ca683
parentAdding debian version 0.9-6. (diff)
downloadzutils-4a9037d3446309d42b100f942fa06800c3ffc386.tar.xz
zutils-4a9037d3446309d42b100f942fa06800c3ffc386.zip
Adding patch from upstream to fix a buffer overrun in zcat [CVE-2018-1000637] (Closes: #902936).
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
-rw-r--r--debian/patches/02-zcat-buffer-overrun.patch18
-rw-r--r--debian/patches/series1
2 files changed, 19 insertions, 0 deletions
diff --git a/debian/patches/02-zcat-buffer-overrun.patch b/debian/patches/02-zcat-buffer-overrun.patch
new file mode 100644
index 0000000..230987f
--- /dev/null
+++ b/debian/patches/02-zcat-buffer-overrun.patch
@@ -0,0 +1,18 @@
+Author: Antonio Diaz-Diaz <antonio@gnu.org>
+Description: zcat.cc: Fixed a buffer overrun on outbuf when '-v' is used [CVE-2018-1000637] (Closes: #902936).
+
+diff -Naurp zutils.orig/zcat.cc zutils/zcat.cc
+--- zutils.orig/zcat.cc
++++ zutils/zcat.cc
+@@ -229,8 +229,9 @@ int cat( int infd, const int format_inde
+ enum { buffer_size = 4096 };
+ // buffer with space for sentinel newline at the end
+ uint8_t * const inbuf = new uint8_t[buffer_size+1];
+- // buffer with space for character quoting and 255-digit line number
+- uint8_t * const outbuf = new uint8_t[(4*buffer_size)+256];
++ // buffer with space for character quoting, 255-digit line number and
++ // worst case flushing respect to inbuf.
++ uint8_t * const outbuf = new uint8_t[(5*buffer_size)+256];
+ int retval = 0;
+ Children children;
+ if( !set_data_feeder( &infd, children, format_index ) ) retval = 1;
diff --git a/debian/patches/series b/debian/patches/series
index 46f3936..15e963b 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
01-filename.patch
+02-zcat-buffer-overrun.patch