Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

zlib: add patch for CVE 2023-45853 #1187

Merged
merged 1 commit into from
Dec 22, 2023
Merged

zlib: add patch for CVE 2023-45853 #1187

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
39 changes: 39 additions & 0 deletions gvsbuild/patches/zlib/0001-Reject-overflows-of-zip-header-fields-in-minizip.patch
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
From 73331a6a0481067628f065ffe87bb1d8f787d10c Mon Sep 17 00:00:00 2001
From: Hans Wennborg <hans@chromium.org>
Date: Fri, 18 Aug 2023 11:05:33 +0200
Subject: [PATCH] Reject overflows of zip header fields in minizip.

This checks the lengths of the file name, extra field, and comment
that would be put in the zip headers, and rejects them if they are
too long. They are each limited to 65535 bytes in length by the zip
format. This also avoids possible buffer overflows if the provided
fields are too long.
---
contrib/minizip/zip.c | 11 +++++++++++
1 file changed, 11 insertions(+)

diff --git a/contrib/minizip/zip.c b/contrib/minizip/zip.c
index 3d3d4ca..0446109 100644
--- a/contrib/minizip/zip.c
+++ b/contrib/minizip/zip.c
@@ -1043,6 +1043,17 @@ extern int ZEXPORT zipOpenNewFileInZip4_64(zipFile file, const char* filename, c
return ZIP_PARAMERROR;
#endif

+ // The filename and comment length must fit in 16 bits.
+ if ((filename!=NULL) && (strlen(filename)>0xffff))
+ return ZIP_PARAMERROR;
+ if ((comment!=NULL) && (strlen(comment)>0xffff))
+ return ZIP_PARAMERROR;
+ // The extra field length must fit in 16 bits. If the member also requires
+ // a Zip64 extra block, that will also need to fit within that 16-bit
+ // length, but that will be checked for later.
+ if ((size_extrafield_local>0xffff) || (size_extrafield_global>0xffff))
+ return ZIP_PARAMERROR;
+
zi = (zip64_internal*)file;

if (zi->in_opened_file_inzip == 1)
--
2.34.1

3 changes: 3 additions & 0 deletions gvsbuild/projects/zlib.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,9 @@ def __init__(self):
version="1.3",
archive_url="https://github.com/madler/zlib/releases/download/v{version}/zlib-{version}.tar.xz",
hash="8a9ba2898e1d0d774eca6ba5b4627a11e5588ba85c8851336eb38de4683050a7",
patches=[
"0001-Reject-overflows-of-zip-header-fields-in-minizip.patch",
],
)

def build(self):
Expand Down