Blame libzip-0.11.2-CVE-2015-2331.patch
|
Rex Dieter |
9f9eb8c |
diff -up libzip-0.11.2/lib/zip_dirent.c.CVE-2015-2331 libzip-0.11.2/lib/zip_dirent.c
|
|
Rex Dieter |
9f9eb8c |
--- libzip-0.11.2/lib/zip_dirent.c.CVE-2015-2331 2013-11-28 10:57:10.000000000 -0600
|
|
Rex Dieter |
9f9eb8c |
+++ libzip-0.11.2/lib/zip_dirent.c 2015-03-23 07:45:27.486986723 -0500
|
|
Rex Dieter |
9f9eb8c |
@@ -110,7 +110,7 @@ _zip_cdir_new(zip_uint64_t nentry, struc
|
|
Rex Dieter |
9f9eb8c |
|
|
Rex Dieter |
9f9eb8c |
if (nentry == 0)
|
|
Rex Dieter |
9f9eb8c |
cd->entry = NULL;
|
|
Rex Dieter |
9f9eb8c |
- else if ((cd->entry=(struct zip_entry *)malloc(sizeof(*(cd->entry))*(size_t)nentry)) == NULL) {
|
|
Rex Dieter |
33ffcd0 |
+ else if ((nentry > SIZE_MAX/sizeof(*(cd->entry))) || (cd->entry=(struct zip_entry *)malloc(sizeof(*(cd->entry))*(size_t)nentry)) == NULL) {
|
|
Rex Dieter |
9f9eb8c |
_zip_error_set(error, ZIP_ER_MEMORY, 0);
|
|
Rex Dieter |
9f9eb8c |
free(cd);
|
|
Rex Dieter |
9f9eb8c |
return NULL;
|