fix CVE-2020-18442

2021-06-25 10:05:20 +08:00 · 2021-06-25 10:05:20 +08:00 · 7ce566e6be
commit 7ce566e6be
parent 2e01f3400a
8 changed files with 230 additions and 1 deletions
--- a/backport-0001-CVE-2020-18442.patch
+++ b/backport-0001-CVE-2020-18442.patch
@ -0,0 +1,26 @@
+From ac9ae39ef419e9f0f83da1e583314d8c7cda34a6 Mon Sep 17 00:00:00 2001
+From: Guido Draheim <guidod@gmx.de>
+Date: Mon, 4 Jan 2021 21:48:45 +0100
+Subject: [PATCH 01/35] #68 ssize_t return value of zzip_file_read is a signed
+ value being possibly -1
+
+---
+ bins/unzzipcat-zip.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/bins/unzzipcat-zip.c b/bins/unzzipcat-zip.c
+index dd78c2b..385aeaf 100644
+--- a/bins/unzzipcat-zip.c
+++ b/bins/unzzipcat-zip.c
+@@ -34,7 +34,7 @@ static void unzzip_cat_file(ZZIP_DIR* disk, char* name, FILE* out)
+     if (file) 
+     {
+ 	char buffer[1024]; int len;
+-	while ((len = zzip_file_read (file, buffer, 1024))) 
+	while (0 < (len = zzip_file_read (file, buffer, 1024))) 
+ 	{
+ 	    fwrite (buffer, 1, len, out);
+ 	}
+-- 
+1.8.3.1
+
--- a/backport-0002-CVE-2020-18442.patch
+++ b/backport-0002-CVE-2020-18442.patch
@ -0,0 +1,34 @@
+From 7e786544084548da7fcfcd9090d3c4e7f5777f7e Mon Sep 17 00:00:00 2001
+From: Guido Draheim <guidod@gmx.de>
+Date: Mon, 4 Jan 2021 21:50:26 +0100
+Subject: [PATCH 02/35] #68 return value of zzip_mem_disk_fread is signed
+
+---
+ bins/unzip-mem.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/bins/unzip-mem.c b/bins/unzip-mem.c
+index cc009f8..50eb5a6 100644
+--- a/bins/unzip-mem.c
+++ b/bins/unzip-mem.c
+@@ -81,7 +81,7 @@ static void zzip_mem_entry_pipe(ZZIP_MEM_DISK* disk,
+     if (file) 
+     {
+ 	char buffer[1024]; int len;
+-	while ((len = zzip_mem_disk_fread (buffer, 1024, 1, file)))
+	while (0 < (len = zzip_mem_disk_fread (buffer, 1024, 1, file)))
+ 	    fwrite (buffer, len, 1, out);
+ 	
+ 	zzip_mem_disk_fclose (file);
+@@ -115,7 +115,7 @@ static void zzip_mem_entry_test(ZZIP_MEM_DISK* disk,
+     {
+ 	unsigned long crc = crc32 (0L, NULL, 0);
+ 	unsigned char buffer[1024]; int len; 
+-	while ((len = zzip_mem_disk_fread (buffer, 1024, 1, file))) {
+	while (0 < (len = zzip_mem_disk_fread (buffer, 1024, 1, file))) {
+ 	    crc = crc32 (crc, buffer, len);
+ 	}
+ 	
+-- 
+1.8.3.1
+
--- a/backport-0003-CVE-2020-18442.patch
+++ b/backport-0003-CVE-2020-18442.patch
@ -0,0 +1,34 @@
+From d453977f59ca59c61bf59dec28dd724498828f2a Mon Sep 17 00:00:00 2001
+From: Guido Draheim <guidod@gmx.de>
+Date: Mon, 4 Jan 2021 21:51:12 +0100
+Subject: [PATCH 03/35] #68 return value of zzip_entry_fread is signed
+
+---
+ bins/unzzipcat-big.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/bins/unzzipcat-big.c b/bins/unzzipcat-big.c
+index 111ef47..ecebe11 100644
+--- a/bins/unzzipcat-big.c
+++ b/bins/unzzipcat-big.c
+@@ -26,7 +26,7 @@ static void unzzip_big_entry_fprint(ZZIP_ENTRY* entry, FILE* out)
+     if (file) 
+     {
+ 	char buffer[1024]; int len;
+-	while ((len = zzip_entry_fread (buffer, 1024, 1, file)))
+	while (0 < (len = zzip_entry_fread (buffer, 1024, 1, file)))
+ 	{
+ 	    DBG2("entry read %i", len);
+ 	    fwrite (buffer, len, 1, out);
+@@ -45,7 +45,7 @@ static void unzzip_cat_file(FILE* disk, char* name, FILE* out)
+     if (file) 
+     {
+ 	char buffer[1024]; int len;
+-	while ((len = zzip_entry_fread (buffer, 1024, 1, file)))
+	while (0 < (len = zzip_entry_fread (buffer, 1024, 1, file)))
+ 	    fwrite (buffer, len, 1, out);
+ 	
+ 	zzip_entry_fclose (file);
+-- 
+1.8.3.1
+
--- a/backport-0004-CVE-2020-18442.patch
+++ b/backport-0004-CVE-2020-18442.patch
@ -0,0 +1,34 @@
+From 0a9db9ded9d15fbdb63bf5cf451920d0a368c00e Mon Sep 17 00:00:00 2001
+From: Guido Draheim <guidod@gmx.de>
+Date: Mon, 4 Jan 2021 21:51:56 +0100
+Subject: [PATCH 04/35] #68 return value of zzip_mem_disk_fread is signed
+
+---
+ bins/unzzipcat-mem.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/bins/unzzipcat-mem.c b/bins/unzzipcat-mem.c
+index 6bd79b7..1b5bc22 100644
+--- a/bins/unzzipcat-mem.c
+++ b/bins/unzzipcat-mem.c
+@@ -35,7 +35,7 @@ static void unzzip_mem_entry_fprint(ZZIP_MEM_DISK* disk,
+     if (file) 
+     {
+ 	char buffer[1024]; int len;
+-	while ((len = zzip_mem_disk_fread (buffer, 1024, 1, file)))
+	while (0 < (len = zzip_mem_disk_fread (buffer, 1024, 1, file)))
+ 	    fwrite (buffer, len, 1, out);
+ 	
+ 	zzip_mem_disk_fclose (file);
+@@ -48,7 +48,7 @@ static void unzzip_mem_disk_cat_file(ZZIP_MEM_DISK* disk, char* name, FILE* out)
+     if (file) 
+     {
+ 	char buffer[1025]; int len;
+-	while ((len = zzip_mem_disk_fread (buffer, 1, 1024, file))) 
+	while (0 < (len = zzip_mem_disk_fread (buffer, 1, 1024, file))) 
+ 	{
+ 	    fwrite (buffer, 1, len, out);
+ 	}
+-- 
+1.8.3.1
+
--- a/backport-0005-CVE-2020-18442.patch
+++ b/backport-0005-CVE-2020-18442.patch
@ -0,0 +1,25 @@
+From a34a96fbda1e58fbec5c79f4c0b5063e031ce11d Mon Sep 17 00:00:00 2001
+From: Guido Draheim <guidod@gmx.de>
+Date: Mon, 4 Jan 2021 21:52:47 +0100
+Subject: [PATCH 05/35] #68 return value of zzip_fread is signed
+
+---
+ bins/unzzipcat-mix.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/bins/unzzipcat-mix.c b/bins/unzzipcat-mix.c
+index e18987d..8f3d0b8 100644
+--- a/bins/unzzipcat-mix.c
+++ b/bins/unzzipcat-mix.c
+@@ -34,7 +34,7 @@ static void unzzip_cat_file(ZZIP_DIR* disk, char* name, FILE* out)
+     if (file) 
+     {
+ 	char buffer[1024]; int len;
+-	while ((len = zzip_fread (buffer, 1, 1024, file))) 
+	while (0 < (len = zzip_fread (buffer, 1, 1024, file))) 
+ 	{
+ 	    fwrite (buffer, 1, len, out);
+ 	}
+-- 
+1.8.3.1
+
--- a/backport-0006-CVE-2020-18442.patch
+++ b/backport-0006-CVE-2020-18442.patch
@ -0,0 +1,34 @@
+From fa1f78abe1b08544061204019016809664f2618c Mon Sep 17 00:00:00 2001
+From: Guido Draheim <guidod@gmx.de>
+Date: Mon, 4 Jan 2021 21:53:50 +0100
+Subject: [PATCH 06/35] #68 return value of zzip_entry_fread is signed
+
+---
+ bins/unzzipshow.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/bins/unzzipshow.c b/bins/unzzipshow.c
+index 9d8c2ed..5672d3b 100644
+--- a/bins/unzzipshow.c
+++ b/bins/unzzipshow.c
+@@ -22,7 +22,7 @@ static void zzip_entry_fprint(ZZIP_ENTRY* entry, FILE* out)
+     if (file) 
+     {
+ 	char buffer[1024]; int len;
+-	while ((len = zzip_entry_fread (buffer, 1024, 1, file)))
+	while (0 < (len = zzip_entry_fread (buffer, 1024, 1, file)))
+ 	    fwrite (buffer, len, 1, out);
+ 
+ 	zzip_entry_fclose (file);
+@@ -35,7 +35,7 @@ static void zzip_cat_file(FILE* disk, char* name, FILE* out)
+     if (file) 
+     {
+ 	char buffer[1024]; int len;
+-	while ((len = zzip_entry_fread (buffer, 1024, 1, file)))
+	while (0 < (len = zzip_entry_fread (buffer, 1024, 1, file)))
+ 	    fwrite (buffer, len, 1, out);
+ 	
+ 	zzip_entry_fclose (file);
+-- 
+1.8.3.1
+
--- a/backport-0007-CVE-2020-18442.patch
+++ b/backport-0007-CVE-2020-18442.patch
@ -0,0 +1,25 @@
+From f7a6fa9f0c29aecb4c2299568ed2e6094c34aca7 Mon Sep 17 00:00:00 2001
+From: Guido Draheim <guidod@gmx.de>
+Date: Mon, 4 Jan 2021 21:55:08 +0100
+Subject: [PATCH 07/35] #68 return value of posix read(2) is signed
+
+---
+ bins/zzipmake-zip.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/bins/zzipmake-zip.c b/bins/zzipmake-zip.c
+index 8e09c31..b37877c 100644
+--- a/bins/zzipmake-zip.c
+++ b/bins/zzipmake-zip.c
+@@ -57,7 +57,7 @@ int rezzip_make (int argc, char ** argv)
+ 		continue;
+ 	    }
+ 
+-	    while ((n = read (input, buf, 16)))
+	    while (0 < (n = read (input, buf, 16)))
+ 	    {
+ 		zzip_write (output, buf, n);
+ 	    }
+-- 
+1.8.3.1
+
--- a/zziplib.spec
+++ b/zziplib.spec
@ -4,7 +4,7 @@ sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' */libtool

 Name:            zziplib
 Version:         0.13.69
-Release:         7
+Release:         8
 Summary:         Lightweight library for zip compression
 License:         LGPLv2+ or MPLv1.1
 URL:             http://zziplib.sourceforge.net
@ -14,6 +14,13 @@ Patch6000:       CVE-2018-16548-1.patch
 Patch6001:       CVE-2018-16548-2.patch
 Patch6002:       CVE-2018-16548-3.patch
 Patch6003:       CVE-2018-17828.patch
+Patch6004:       backport-0001-CVE-2020-18442.patch
+Patch6005:       backport-0002-CVE-2020-18442.patch
+Patch6006:       backport-0003-CVE-2020-18442.patch
+Patch6007:       backport-0004-CVE-2020-18442.patch
+Patch6008:       backport-0005-CVE-2020-18442.patch
+Patch6009:       backport-0006-CVE-2020-18442.patch
+Patch6010:       backport-0007-CVE-2020-18442.patch

 BuildRequires:   perl-interpreter python2 python2-rpm-macros zip xmlto
 BuildRequires:   zlib-devel SDL-devel pkgconfig autoconf automake gcc make
@ -52,6 +59,13 @@ This package includes help documentation and manuals related to zziplib.
 %patch6001 -p1
 %patch6002 -p1
 %patch6003 -p1
+%patch6004 -p1
+%patch6005 -p1
+%patch6006 -p1
+%patch6007 -p1
+%patch6008 -p1
+%patch6009 -p1
+%patch6010 -p1

 find . -name '*.py' | xargs sed -i 's@#! /usr/bin/python@#! %__python2@g;s@#! /usr/bin/env python@#! %__python2@g'

@ -87,6 +101,9 @@ export PYTHON=%__python2
 %{_mandir}/man3/*

 %changelog
+- Fri Jun 25 2021 shixuantong <shixuantong@huawei.com> - 0.13.36-8
+- fix CVE-2020-18442
+
 * Fri Nov 13 2020 shixuantong <shixuantong@huawei.com> - 0.13.36-7
 - Change the installation dependency on the help package from requires to recommends