diff options
author | Vladimír Čunát <v@cunat.cz> | 2024-02-03 08:13:55 +0100 |
---|---|---|
committer | Vladimír Čunát <v@cunat.cz> | 2024-02-03 08:13:55 +0100 |
commit | 986458ffbc93648ce376dc101672261e86f0f4d7 (patch) | |
tree | af209ba48ad407ac0573c73f330b651d1fa68eec /pkgs/tools/archivers | |
parent | 59682b447315cd3ddf1f20f0e8d351fad19b691a (diff) | |
parent | dc0f09a49f590b825e93bfd9e0ea94b4b5701fc4 (diff) |
Merge #260710: zip: fix buffer overflow on Unicode path names
...into staging
Diffstat (limited to 'pkgs/tools/archivers')
-rw-r--r-- | pkgs/tools/archivers/zip/buffer-overflow-on-utf8-rh-bug-2165653.patch | 12 | ||||
-rw-r--r-- | pkgs/tools/archivers/zip/default.nix | 3 |
2 files changed, 15 insertions, 0 deletions
diff --git a/pkgs/tools/archivers/zip/buffer-overflow-on-utf8-rh-bug-2165653.patch b/pkgs/tools/archivers/zip/buffer-overflow-on-utf8-rh-bug-2165653.patch new file mode 100644 index 0000000000000..2ee3fff0db543 --- /dev/null +++ b/pkgs/tools/archivers/zip/buffer-overflow-on-utf8-rh-bug-2165653.patch @@ -0,0 +1,12 @@ +diff -urp zip30/fileio.c zip30/fileio.c +--- zip30/fileio.c 2008-05-29 03:13:24.000000000 +0300 ++++ zip30/fileio.c 2023-05-02 12:19:50.488314853 +0300 +@@ -3502,7 +3502,7 @@ zwchar *local_to_wide_string(local_strin + if ((wc_string = (wchar_t *)malloc((wsize + 1) * sizeof(wchar_t))) == NULL) { + ZIPERR(ZE_MEM, "local_to_wide_string"); + } +- wsize = mbstowcs(wc_string, local_string, strlen(local_string) + 1); ++ wsize = mbstowcs(wc_string, local_string, wsize + 1); + wc_string[wsize] = (wchar_t) 0; + + /* in case wchar_t is not zwchar */ diff --git a/pkgs/tools/archivers/zip/default.nix b/pkgs/tools/archivers/zip/default.nix index 1ac615a3d90ff..1d75040c77844 100644 --- a/pkgs/tools/archivers/zip/default.nix +++ b/pkgs/tools/archivers/zip/default.nix @@ -33,6 +33,9 @@ stdenv.mkDerivation rec { ./fix-memset-detection.patch # Implicit declaration of `closedir` and `opendir` cause dirent detection to fail with clang 16. ./fix-implicit-declarations.patch + # Buffer overflow on Unicode characters in path names + # https://bugzilla.redhat.com/show_bug.cgi?id=2165653 + ./buffer-overflow-on-utf8-rh-bug-2165653.patch ] ++ lib.optionals (enableNLS && !stdenv.isCygwin) [ ./natspec-gentoo.patch.bz2 ]; buildInputs = lib.optional enableNLS libnatspec |