https://build.opensuse.org/package/view_file/Archiving/unzip/CVE-2018-1000035.patch?expand=1 From: Date: Thu Feb 8 15:10:03 CET 2018 Upstream: merged References: http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=548 Index: fileio.c =================================================================== --- a/fileio.c.orig +++ b/fileio.c @@ -1582,7 +1582,11 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf, int r = IZ_PW_ENTERED; char *m; char *prompt; - + char *zfnf; + char *efnf; + size_t zfnfl; + int isOverflow; + #ifndef REENTRANT /* tell picky compilers to shut up about "unused variable" warnings */ pG = pG; @@ -1590,7 +1590,15 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf, if (*rcnt == 0) { /* First call for current entry */ *rcnt = 2; - if ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL) { + zfnf = FnFilter1(zfn); + efnf = FnFilter2(efn); + zfnfl = strlen(zfnf); + isOverflow = TRUE; + if (2*FILNAMSIZ >= zfnfl && (2*FILNAMSIZ - zfnfl) >= strlen(efnf)) + { + isOverflow = FALSE; + } + if ((isOverflow == FALSE) && ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL)) { sprintf(prompt, LoadFarString(PasswPrompt), FnFilter1(zfn), FnFilter2(efn)); m = prompt;