Bug 678603

Summary: zlib from minizip allowed NULL pointer parameter of function unzGetCurrentFileInfo
Product: [Fedora] Fedora
Reporter: Miao ZhiCheng <hellwolf.misty>
Component: zlib
Assignee: Ivana Varekova <varekova>
Status: CLOSED RAWHIDE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high
Priority: unspecified
Version: 14
CC: varekova
Hardware: All
OS: All
Doc Type: Bug Fix
Last Closed: 2011-04-06 09:36:12 UTC

Description Miao ZhiCheng 2011-02-18 15:12:38 UTC
Description of problem:
Packages that use zlib from minizip may experience crashes recently, for example the quazip package, because one of the functions of zlib breaks backward compatibility.

Version-Release number of selected component (if applicable):
minizip-1.2.5-2.fc14.i686

How reproducible:
Every time the function unzGetCurrentFileInfo is called with NULL as pfile_info.

extern int ZEXPORT unzGetCurrentFileInfo (unzFile file,
                                          unz_file_info * pfile_info,
                                          char * szFileName, uLong fileNameBufferSize,
                                          void *extraField, uLong extraFieldBufferSize,
                                          char* szComment,  uLong commentBufferSize)

  
Actual results:
SIGSEGV

Expected results:
Accept NULL parameter and do nothing about it.

Proposed Patch:

--- zlib-1.2.5.bak/contrib/minizip/unzip.c	2011-02-15 15:14:11.759197952 +0000
+++ zlib-1.2.5/contrib/minizip/unzip.c	2011-02-15 15:14:57.620493214 +0000
@@ -1145,7 +1145,7 @@
                                                 szFileName,fileNameBufferSize,
                                                 extraField,extraFieldBufferSize,
                                                 szComment,commentBufferSize);
-    if (err==UNZ_OK)
+    if (pfile_info && err==UNZ_OK)
     {
         pfile_info->version = file_info64.version;
         pfile_info->version_needed = file_info64.version_needed;
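
Review bot: the added `pfile_info &&` test on the changed `if` turns a NULL `pfile_info` into a supported input, but the hunk carries no comment or documentation change that states this contract. Add a short comment above the condition, and in the function's declaration comment, saying that `pfile_info` may be NULL and that the copy from `file_info64` is then skipped while the `szFileName`, `extraField` and `szComment` arguments are still passed to the preceding call. An explicit `pfile_info != NULL` would read more consistently next to `err==UNZ_OK`, and a regression test that calls `unzGetCurrentFileInfo` with NULL for `pfile_info` would keep the `pfile_info->version` dereference from returning.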