libzip: repository: 9f11d54f692e

changeset 1718:9f11d54f692e

Avoid integer overflow. Addresses CVE-2015-2331.

Fixed similarly to patch used in PHP copy of libzip:
https://github.com/php/php-src/commit/ef8fc4b53d92fbfcd8ef1abbd6f2f5fe2c4a11e5

Thanks to Emmanuel Law <emmanuel.law@gmail.com> for the notification about the bug.

author Thomas Klausner <tk@giga.or.at>
date Sat, 21 Mar 2015 12:28:42 +0100
parents fa78ab51417f
children 6606ee18d177
files lib/zip_dirent.c
diffstat 1 files changed, 1 insertions(+), 1 deletions(-)
line diff
     1.1 --- a/lib/zip_dirent.c	Wed Mar 11 18:17:53 2015 +0100
     1.2 +++ b/lib/zip_dirent.c	Sat Mar 21 12:28:42 2015 +0100
     1.3 @@ -105,7 +105,7 @@
     1.4  
     1.5      if (nentry == 0)
     1.6  	cd->entry = NULL;
     1.7 -    else if ((cd->entry=(zip_entry_t *)malloc(sizeof(*(cd->entry))*(size_t)nentry)) == NULL) {
     1.8 +    else if ((nentry > SIZE_MAX/sizeof(*(cd->entry))) || (cd->entry=(zip_entry_t *)malloc(sizeof(*(cd->entry))*(size_t)nentry)) == NULL) {
     1.9  	zip_error_set(error, ZIP_ER_MEMORY, 0);
    1.10  	free(cd);
    1.11  	return NULL;
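
Review bot: SIZE_MAX on the added line 1.8 is defined by <stdint.h>, and the diffstat shows a single changed line, so no include or fallback definition arrives with this change. Please confirm lib/zip_dirent.c already sees SIZE_MAX on every supported toolchain, or add a guarded fallback in a shared header, for example `#ifndef SIZE_MAX` / `#define SIZE_MAX ((size_t)-1)` / `#endif`. The bound is evaluated before the `(size_t)nentry` cast, which is the right order: if nentry is wider than size_t, the comparison rejects the value before the cast can truncate it. Two smaller points on the same line: an entry count that would wrap the multiplication is reported as ZIP_ER_MEMORY, the same code as a failed malloc, so callers cannot tell a malformed archive from memory exhaustion; and the combined condition is long enough that a one-line comment saying the first operand rejects counts whose byte size would overflow, or splitting the check from the allocation, would make the intent clear to the next reader.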