Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 138228 - CAN-2004-1010 buffer overflow when creating archive containing very long filenames.
CAN-2004-1010 buffer overflow when creating archive containing very long file...
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: zip (Show other bugs)
3.0
All Linux
medium Severity low
: ---
: ---
Assigned To: Lon Hohberger
impact=low,public=20041103
: Security
: 138392 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-11-05 16:05 EST by Josh Bressers
Modified: 2007-11-30 17:07 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-12-16 15:49:33 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Patch which fixes this issue. (676 bytes, patch)
2004-11-05 16:19 EST, Josh Bressers 		no flags Details | Diff
New patch to fix the buffer overflow. (968 bytes, patch)
2004-11-06 08:35 EST, Josh Bressers 		no flags Details | Diff
Show Obsolete (1) Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2004:634 normal SHIPPED_LIVE Low: zip security update 2004-12-16 00:00:00 EST

  None (edit)
Description Josh Bressers 2004-11-05 16:05:08 EST 
A buffer overflow has been found in zip which will lead to a buffer
overflow when a user try to create a zip archive which contains very
long filenames.

See:
http://lists.netsys.com/pipermail/full-disclosure/2004-November/028379.html

This issue is going to affect RHEL2.1 as well.
Comment 1 Josh Bressers 2004-11-05 16:19:27 EST 
Created attachment 106240 [details]
Patch which fixes this issue.
Comment 2 Josh Bressers 2004-11-06 08:35:16 EST 
Created attachment 106249 [details]
New patch to fix the buffer overflow.

This patch fixes a leak, I was not freeing a malloc'd variable in the previous
one.
Comment 3 Lon Hohberger 2004-11-08 10:28:37 EST 
Patch from mailing list:

diff -Nur zip-2.30/unix/unix.c zip-2.30.new/unix/unix.c
--- zip-2.30/unix/unix.c	2004-11-05 14:22:42.957410560 +0100
+++ zip-2.30.new/unix/unix.c	2004-11-05 14:22:03.620390696 +0100
@@ -322,6 +322,9 @@
   char name[FNMAX];
   int len = strlen(f);

+  if (len >= FNMAX)
+    error("file name too long");
+
   if (f == label) {
     if (a != NULL)
       *a = label_mode;
Comment 5 Josh Bressers 2004-11-08 17:15:46 EST 
*** Bug 138392 has been marked as a duplicate of this bug. ***
Comment 7 Josh Bressers 2004-12-16 15:49:33 EST 
An errata has been issued which should help the problem 
described in this bug report. This report is therefore being 
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, 
please follow the link below. You may reopen this bug report 
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2004-634.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.