[Forensics-changes] [fcrackzip] 87/93: Fix a crash on non-openable files (Closes: #715894).

Giovani Augusto Ferreira giovani-guest at moszumanska.debian.org
Wed Dec 28 03:06:47 UTC 2016


This is an automated email from the git hooks/post-receive script.

giovani-guest pushed a commit to branch debian
in repository fcrackzip.

commit 68004777262ef1f3487e669cc0a8243a497e7265
Author: Adam Borowski <kilobyte at angband.pl>
Date:   Sat Aug 22 01:05:10 2015 +0200

    Fix a crash on non-openable files (Closes: #715894).
---
 debian/changelog                          |  1 +
 debian/patches/50-crash-on-bad-file.patch | 17 +++++++++++++++++
 debian/patches/series                     |  1 +
 3 files changed, 19 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index b8269d1..688398f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,6 +5,7 @@ fcrackzip (1.0-6) UNRELEASED; urgency=medium
   * Fix a string breakage on 64-bit big-endian.
   * Make the build reproducible (Reiner Herrmann, closes: #782213).
   * Standards-Version 3.9.6.
+  * Fix a crash on non-openable files (Closes: #715894).
 
  -- Adam Borowski <kilobyte at angband.pl>  Sat, 15 Aug 2015 20:53:23 +0200
 
diff --git a/debian/patches/50-crash-on-bad-file.patch b/debian/patches/50-crash-on-bad-file.patch
new file mode 100644
index 0000000..ec324d9
--- /dev/null
+++ b/debian/patches/50-crash-on-bad-file.patch
@@ -0,0 +1,17 @@
+Description: fix a crash on non-openable files
+ The error handling for missing or otherwise non-openable files was bogus.
+ Bug found via Mayhem fuzzing by Alexandre Rebert.
+Author: Adam Borowski <kilobyte at angband.pl>
+Bug-Debian: https://bugs.debian.org/715894
+
+--- fcrackzip-1.0.orig/zipinfo.c
++++ fcrackzip-1.0/zipinfo.c
+@@ -47,7 +47,7 @@ static void parse_zip (char *path)
+   if (!f)
+     {
+       fprintf (stderr, "skipping '%s': %s\n", path, strerror (errno));
+-      goto out;
++      return;
+     }
+   
+   while (!feof (f))
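Review bot: The Description in 50-crash-on-bad-file.patch calls the old error handling "bogus" but does not say why `goto out` crashed in the `if (!f)` branch of parse_zip. On that path `f` is NULL, so the likely cause is cleanup at `out:` that uses `f`, but the label is outside this hunk; one sentence naming the failing call would let a reader confirm that the bare `return` skips nothing else that needs releasing. The DEP-3 header also has no `Forwarded:` field, so it is unclear whether the fix has been sent upstream. Since parse_zip is `static void`, a skipped file is reported only on stderr; consider whether the caller should also reflect it in the exit status.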
diff --git a/debian/patches/series b/debian/patches/series
index c0c771d..8837d54 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -3,3 +3,4 @@
 20-readme.patch
 30-buffer-overflow-on--p.patch
 40-fix-big-endian-format.patch
+50-crash-on-bad-file.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/fcrackzip.git


