Bug 138228
Summary: | CAN-2004-1010 buffer overflow when creating archive containing very long filenames. | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 3 | Reporter: | Josh Bressers <bressers> | ||||||
Component: | zip | Assignee: | Lon Hohberger <lhh> | ||||||
Status: | CLOSED ERRATA | QA Contact: | |||||||
Severity: | low | Docs Contact: | |||||||
Priority: | medium | ||||||||
Version: | 3.0 | CC: | lhh | ||||||
Target Milestone: | --- | Keywords: | Security | ||||||
Target Release: | --- | ||||||||
Hardware: | All | ||||||||
OS: | Linux | ||||||||
Whiteboard: | impact=low,public=20041103 | ||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2004-12-16 20:49:33 UTC | Type: | --- | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Attachments: |
|
Description
Josh Bressers
2004-11-05 21:05:08 UTC
Created attachment 106240 [details]
Patch which fixes this issue.
Created attachment 106249 [details]
New patch to fix the buffer overflow.
This patch fixes a leak, I was not freeing a malloc'd variable in the previous
one.
Patch from mailing list: diff -Nur zip-2.30/unix/unix.c zip-2.30.new/unix/unix.c --- zip-2.30/unix/unix.c 2004-11-05 14:22:42.957410560 +0100 +++ zip-2.30.new/unix/unix.c 2004-11-05 14:22:03.620390696 +0100 @@ -322,6 +322,9 @@ char name[FNMAX]; int len = strlen(f); + if (len >= FNMAX) + error("file name too long"); + if (f == label) { if (a != NULL) *a = label_mode; *** Bug 138392 has been marked as a duplicate of this bug. *** An errata has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2004-634.html |