summaryrefslogtreecommitdiffstats
path: root/meta/recipes-extended/unzip/unzip/CVE-2022-0530.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-extended/unzip/unzip/CVE-2022-0530.patch')
-rw-r--r--meta/recipes-extended/unzip/unzip/CVE-2022-0530.patch33
1 files changed, 33 insertions, 0 deletions
diff --git a/meta/recipes-extended/unzip/unzip/CVE-2022-0530.patch b/meta/recipes-extended/unzip/unzip/CVE-2022-0530.patch
new file mode 100644
index 0000000000..363dafddc9
--- /dev/null
+++ b/meta/recipes-extended/unzip/unzip/CVE-2022-0530.patch
@@ -0,0 +1,33 @@
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010355
+
+CVE: CVE-2022-0530
+Upstream-Status: Inactive-Upstream [need a new release]
+
+diff --git a/fileio.c b/fileio.c
+index 6290824..77e4b5f 100644
+--- a/fileio.c
++++ b/fileio.c
+@@ -2361,6 +2361,9 @@ int do_string(__G__ length, option) /* return PK-type error code */
+ /* convert UTF-8 to local character set */
+ fn = utf8_to_local_string(G.unipath_filename,
+ G.unicode_escape_all);
++ if (fn == NULL)
++ return PK_ERR;
++
+ /* make sure filename is short enough */
+ if (strlen(fn) >= FILNAMSIZ) {
+ fn[FILNAMSIZ - 1] = '\0';
+diff --git a/process.c b/process.c
+index d2a846e..715bc0f 100644
+--- a/process.c
++++ b/process.c
+@@ -2605,6 +2605,8 @@ char *utf8_to_local_string(utf8_string, escape_all)
+ int escape_all;
+ {
+ zwchar *wide = utf8_to_wide_string(utf8_string);
++ if (wide == NULL)
++ return NULL;
+ char *loc = wide_to_local_string(wide, escape_all);
+ free(wide);
+ return loc;
+
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-04-24 10:54:55 +0000