libzip: sync with rawhide

author: Remi Collet <fedora@famillecollet.com> 2015-05-05 15:15:19 +0200
committer: Remi Collet <fedora@famillecollet.com> 2015-05-05 15:15:19 +0200
commit: 29ad9cc6df1cd7628f5d3be923002b32a4d317a2 (patch)
tree: b7ff915678ad1fabac506b3b4d4cea52472f7cd0 /libzip-0.11.2-CVE-2015-2331.patch
parent: 098af2ee44706eda1d49ace737e4979de35207ca (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/libzip-0.11.2-CVE-2015-2331.patch b/libzip-0.11.2-CVE-2015-2331.patch
new file mode 100644
index 0000000..67d2abc
--- /dev/null
+++ b/libzip-0.11.2-CVE-2015-2331.patch
@@ -0,0 +1,12 @@
+diff -up libzip-0.11.2/lib/zip_dirent.c.CVE-2015-2331 libzip-0.11.2/lib/zip_dirent.c
+--- libzip-0.11.2/lib/zip_dirent.c.CVE-2015-2331	2013-11-28 10:57:10.000000000 -0600
++++ libzip-0.11.2/lib/zip_dirent.c	2015-03-23 07:45:27.486986723 -0500
+@@ -110,7 +110,7 @@ _zip_cdir_new(zip_uint64_t nentry, struc
+ 
+     if (nentry == 0)
+ 	cd->entry = NULL;
+-    else if ((cd->entry=(struct zip_entry *)malloc(sizeof(*(cd->entry))*(size_t)nentry)) == NULL) {
++    else if ((nentry > SIZE_MAX/sizeof(*(cd->entry))) || (cd->entry=(struct zip_entry *)malloc(sizeof(*(cd->entry))*(size_t)nentry)) == NULL) {
+ 	_zip_error_set(error, ZIP_ER_MEMORY, 0);
+ 	free(cd);
+ 	return NULL;
author	Remi Collet <fedora@famillecollet.com>	2015-05-05 15:15:19 +0200
committer	Remi Collet <fedora@famillecollet.com>	2015-05-05 15:15:19 +0200
commit	29ad9cc6df1cd7628f5d3be923002b32a4d317a2 (patch)
tree	b7ff915678ad1fabac506b3b4d4cea52472f7cd0 /libzip-0.11.2-CVE-2015-2331.patch
parent	098af2ee44706eda1d49ace737e4979de35207ca (diff)