!28 fix CVE-2020-18770

From: @licihua Reviewed-by: @zhujianwei001, @overweight Signed-off-by: @overweight
2023-09-28 06:27:37 +00:00 · 2023-09-28 06:27:37 +00:00 · c180373f83
commit c180373f83
parent 20bbc266a7 b6c6fae4e6
2 changed files with 39 additions and 1 deletions
--- a/backport-CVE-2020-18770.patch
+++ b/backport-CVE-2020-18770.patch
@ -0,0 +1,32 @@
+From 99462cac1c6581bce36fe17fd1f430cbe114f0af Mon Sep 17 00:00:00 2001
+From: Valentin Lefebvre <valentin.lefebvre@suse.com>
+Date: Wed, 20 Sep 2023 12:04:56 +0200
+Subject: [PATCH] mmappend.c: pre-check header trailer magic
+
+* Avoid potential ASAN:SIGSEGV invalid memory access by pre-check the header
+  trailer magic.
+* CVE-2020-18770
+
+Signed-off-by: Valentin Lefebvre <valentin.lefebvre@suse.com>
+
+---
+ zzip/mmapped.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/zzip/mmapped.c b/zzip/mmapped.c
+index 8af18f4..6b178ee 100644
+--- a/zzip/mmapped.c
+++ b/zzip/mmapped.c
+@@ -269,7 +269,8 @@ zzip_disk_entry_to_file_header(ZZIP_DISK * disk, struct zzip_disk_entry *entry)
+         return 0;
+     }
+     ___  struct zzip_file_header *file_header = (void *) ptr;
+-    if (zzip_file_header_get_magic(file_header) != ZZIP_FILE_HEADER_MAGIC)
+    if (file_header != 'P' || /* quick pre-check for trailer magic */
+        zzip_file_header_get_magic(file_header) != ZZIP_FILE_HEADER_MAGIC) 
+     {
+         errno = EBADMSG;
+         return 0;
+-- 
+2.40.1
+
--- a/zziplib.spec
+++ b/zziplib.spec
@ -4,7 +4,7 @@ sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' */libtool

 Name:            zziplib
 Version:         0.13.69
-Release:         8
+Release:         9
 Summary:         Lightweight library for zip compression
 License:         LGPLv2+ or MPLv1.1
 URL:             http://zziplib.sourceforge.net
@ -21,6 +21,7 @@ Patch6007:       backport-0004-CVE-2020-18442.patch
 Patch6008:       backport-0005-CVE-2020-18442.patch
 Patch6009:       backport-0006-CVE-2020-18442.patch
 Patch6010:       backport-0007-CVE-2020-18442.patch
+Patch6011:       backport-CVE-2020-18770.patch

 BuildRequires:   perl-interpreter python2 python2-rpm-macros zip xmlto
 BuildRequires:   zlib-devel SDL-devel pkgconfig autoconf automake gcc make
@ -66,6 +67,7 @@ This package includes help documentation and manuals related to zziplib.
 %patch6008 -p1
 %patch6009 -p1
 %patch6010 -p1
+%patch6011 -p1

 find . -name '*.py' | xargs sed -i 's@#! /usr/bin/python@#! %__python2@g;s@#! /usr/bin/env python@#! %__python2@g'

@ -101,6 +103,10 @@ export PYTHON=%__python2
 %{_mandir}/man3/*

 %changelog
+* Thu Sep 28 2023 licihua <licihua@huawei.com> - 0.13.36-9
+- fix CVE-2020-18770
+
+
 * Fri Jun 25 2021 shixuantong <shixuantong@huawei.com> - 0.13.36-8
 - fix CVE-2020-18442