git: 2c614481fd52 - main - unzip: Fix segmentation fault if a zip file contains buggy filename.
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sun, 10 Oct 2021 11:50:48 UTC
The branch main has been updated by nyan: URL: https://cgit.FreeBSD.org/src/commit/?id=2c614481fd5248c1685e713f67d40cf2d5fba494 commit 2c614481fd5248c1685e713f67d40cf2d5fba494 Author: Yoshihiro Takahashi <nyan@FreeBSD.org> AuthorDate: 2021-10-10 11:49:19 +0000 Commit: Yoshihiro Takahashi <nyan@FreeBSD.org> CommitDate: 2021-10-10 11:49:19 +0000 unzip: Fix segmentation fault if a zip file contains buggy filename. PR: 259011 Reported by: Robert Morris Submitted by: ak MFC after:: 1 week --- usr.bin/unzip/unzip.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/usr.bin/unzip/unzip.c b/usr.bin/unzip/unzip.c index e5ca1ff2c939..0b564b0f08ec 100644 --- a/usr.bin/unzip/unzip.c +++ b/usr.bin/unzip/unzip.c @@ -211,6 +211,9 @@ pathdup(const char *path) char *str; size_t i, len; + if (path == NULL || path[0] == '\0') + return (NULL); + len = strlen(path); while (len && path[len - 1] == '/') len--; @@ -697,7 +700,11 @@ extract(struct archive *a, struct archive_entry *e) mode_t filetype; char *p, *q; - pathname = pathdup(archive_entry_pathname(e)); + if ((pathname = pathdup(archive_entry_pathname(e))) == NULL) { + warningx("skipping empty or unreadable filename entry"); + ac(archive_read_data_skip(a)); + return; + } filetype = archive_entry_filetype(e); /* sanity checks */ @@ -760,7 +767,11 @@ extract_stdout(struct archive *a, struct archive_entry *e) char *pathname; mode_t filetype; - pathname = pathdup(archive_entry_pathname(e)); + if ((pathname = pathdup(archive_entry_pathname(e))) == NULL) { + warningx("skipping empty or unreadable filename entry"); + ac(archive_read_data_skip(a)); + return; + } filetype = archive_entry_filetype(e); /* I don't think this can happen in a zipfile.. */