Merge #260710: zip: fix buffer overflow on Unicode path names

...into staging

2 files changed, 15 insertions, 0 deletions

diff --git a/pkgs/tools/archivers/zip/buffer-overflow-on-utf8-rh-bug-2165653.patch b/pkgs/tools/archivers/zip/buffer-overflow-on-utf8-rh-bug-2165653.patch
new file mode 100644
index 0000000000000..2ee3fff0db543
--- /dev/null
+++ b/pkgs/tools/archivers/zip/buffer-overflow-on-utf8-rh-bug-2165653.patch
@@ -0,0 +1,12 @@
+diff -urp zip30/fileio.c zip30/fileio.c
+--- zip30/fileio.c	2008-05-29 03:13:24.000000000 +0300
++++ zip30/fileio.c	2023-05-02 12:19:50.488314853 +0300
+@@ -3502,7 +3502,7 @@ zwchar *local_to_wide_string(local_strin
+   if ((wc_string = (wchar_t *)malloc((wsize + 1) * sizeof(wchar_t))) == NULL) {
+     ZIPERR(ZE_MEM, "local_to_wide_string");
+   }
+-  wsize = mbstowcs(wc_string, local_string, strlen(local_string) + 1);
++  wsize = mbstowcs(wc_string, local_string, wsize + 1);
+   wc_string[wsize] = (wchar_t) 0;
+ 
+   /* in case wchar_t is not zwchar */
diff --git a/pkgs/tools/archivers/zip/default.nix b/pkgs/tools/archivers/zip/default.nix
index 1ac615a3d90ff..1d75040c77844 100644
--- a/pkgs/tools/archivers/zip/default.nix
+++ b/pkgs/tools/archivers/zip/default.nix
@@ -33,6 +33,9 @@ stdenv.mkDerivation rec {
     ./fix-memset-detection.patch
     # Implicit declaration of `closedir` and `opendir` cause dirent detection to fail with clang 16.
     ./fix-implicit-declarations.patch
+    # Buffer overflow on Unicode characters in path names
+    # https://bugzilla.redhat.com/show_bug.cgi?id=2165653
+    ./buffer-overflow-on-utf8-rh-bug-2165653.patch
   ] ++ lib.optionals (enableNLS && !stdenv.isCygwin) [ ./natspec-gentoo.patch.bz2 ];
 
   buildInputs = lib.optional enableNLS libnatspec