Apply fix for CVE-2015-1315 from Marc Deslauriers

<marc.deslauriers@canonical.com>.

MFH:		2015Q1
Approved by:	so
Xin LI 2015-02-17 21:58:40 +00:00
parent aade72ebb2
commit 092361d6ae
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=379192
2 changed files with 16 additions and 4 deletions


@ -3,7 +3,7 @@
PORTNAME= unzip
PORTVERSION= 6.0
PORTREVISION= 4
PORTREVISION= 5
CATEGORIES= archivers
MASTER_SITES= SF/infozip/UnZip%206.x%20%28latest%29/UnZip%20${PORTVERSION}/:main \
SF/infozip/UnZip%205.x%20and%20earlier/5.51/:unreduce


@ -76,11 +76,23 @@
+
+ slen = strlen(string);
+ s = string;
+ dlen = buflen = 2*slen;
+ d = buf = malloc(buflen + 1);
+
+ /* Make sure OUTBUFSIZ + 1 never ends up smaller than FILNAMSIZ
+ * as this function also gets called with G.outbuf in fileio.c
+ */
+ buflen = FILNAMSIZ;
+ if (OUTBUFSIZ + 1 < FILNAMSIZ)
+ {
+ buflen = OUTBUFSIZ + 1;
+ }
+
+ d = buf = malloc(buflen);
+ if(!d)
+ goto cleanup;
+
+ bzero(buf,buflen);
+ dlen = buflen - 1;
+
+ if(iconv(cd, &s, &slen, &d, &dlen) == (size_t)-1)
+ goto cleanup;
+ strncpy(string, buf, buflen);
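Review bot: The closing `strncpy(string, buf, buflen)` always writes exactly `buflen` bytes into `string` (strncpy pads the remainder with NULs), but this function is never told how large the caller's buffer is. The bound is therefore only safe if every caller passes at least min(FILNAMSIZ, OUTBUFSIZ + 1) bytes; the comment suggests that holds for G.outbuf and the filename buffers, but the callers are not visible in this hunk. I would state that contract where `buflen` is chosen, e.g. `/* every caller must pass a buffer of at least buflen bytes: strncpy() below writes exactly buflen bytes */`, or preferably pass the destination size as a parameter and clamp `buflen` to it. Separately, with the output buffer now fixed-size, an iconv() failure (presumably E2BIG for names that expand past `buflen - 1`) jumps to cleanup and leaves `string` unconverted with no diagnostic, which deserves a one-line comment if it is intended. The enclosing function starts and ends outside this hunk.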