diff options
Diffstat (limited to 'import-layers/yocto-poky/meta/recipes-extended/unzip/unzip/fix-security-format.patch')
-rw-r--r-- | import-layers/yocto-poky/meta/recipes-extended/unzip/unzip/fix-security-format.patch | 97 |
1 files changed, 97 insertions, 0 deletions
diff --git a/import-layers/yocto-poky/meta/recipes-extended/unzip/unzip/fix-security-format.patch b/import-layers/yocto-poky/meta/recipes-extended/unzip/unzip/fix-security-format.patch new file mode 100644 index 000000000..8e9b06c42 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-extended/unzip/unzip/fix-security-format.patch @@ -0,0 +1,97 @@ +unzip: Fixing security formatting issues + +Fix security formatting issues related to sprintf parameters expeted. + +[YOCTO #9551] +[https://bugzilla.yoctoproject.org/show_bug.cgi?id=9551] + +Upstream-Status: Pending + +Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com> + +diff --git a/extract.c b/extract.c +index 7cd9123..25c5a62 100644 +--- a/extract.c ++++ b/extract.c +@@ -475,7 +475,7 @@ int extract_or_test_files(__G) /* return PK-type error code */ + Info(slide, 0x401, ((char *)slide, + LoadFarString(CentSigMsg), j + blknum*DIR_BLKSIZ + 1)); + Info(slide, 0x401, ((char *)slide, +- LoadFarString(ReportMsg))); ++ "%s",LoadFarString(ReportMsg))); + error_in_archive = PK_BADERR; + } + reached_end = TRUE; /* ...so no more left to do */ +@@ -754,8 +754,8 @@ int extract_or_test_files(__G) /* return PK-type error code */ + + #ifndef SFX + if (no_endsig_found) { /* just to make sure */ +- Info(slide, 0x401, ((char *)slide, LoadFarString(EndSigMsg))); +- Info(slide, 0x401, ((char *)slide, LoadFarString(ReportMsg))); ++ Info(slide, 0x401, ((char *)slide, "%s", LoadFarString(EndSigMsg))); ++ Info(slide, 0x401, ((char *)slide, "%s", LoadFarString(ReportMsg))); + if (!error_in_archive) /* don't overwrite stronger error */ + error_in_archive = PK_WARN; + } +diff --git a/list.c b/list.c +index 15e0011..0b484f6 100644 +--- a/list.c ++++ b/list.c +@@ -181,7 +181,7 @@ int list_files(__G) /* return PK-type error code */ + Info(slide, 0x401, + ((char *)slide, LoadFarString(CentSigMsg), j)); + Info(slide, 0x401, +- ((char *)slide, LoadFarString(ReportMsg))); ++ ((char *)slide, "%s", LoadFarString(ReportMsg))); + return PK_BADERR; /* sig not found */ + } + } +@@ -507,7 +507,7 @@ int list_files(__G) /* return PK-type error code */ + && (!G.ecrec.is_zip64_archive) + && (memcmp(G.sig, end_central_sig, 4) != 0) + ) { /* just to make sure again */ +- Info(slide, 0x401, ((char *)slide, LoadFarString(EndSigMsg))); ++ Info(slide, 0x401, ((char *)slide, "%s", LoadFarString(EndSigMsg))); + error_in_archive = PK_WARN; /* didn't find sig */ + } + +@@ -591,7 +591,7 @@ int get_time_stamp(__G__ last_modtime, nmember) /* return PK-type error code */ + Info(slide, 0x401, + ((char *)slide, LoadFarString(CentSigMsg), j)); + Info(slide, 0x401, +- ((char *)slide, LoadFarString(ReportMsg))); ++ ((char *)slide, "%s", LoadFarString(ReportMsg))); + return PK_BADERR; /* sig not found */ + } + } +@@ -674,7 +674,7 @@ int get_time_stamp(__G__ last_modtime, nmember) /* return PK-type error code */ + ---------------------------------------------------------------------------*/ + + if (memcmp(G.sig, end_central_sig, 4)) { /* just to make sure again */ +- Info(slide, 0x401, ((char *)slide, LoadFarString(EndSigMsg))); ++ Info(slide, 0x401, ((char *)slide, "%s", LoadFarString(EndSigMsg))); + error_in_archive = PK_WARN; + } + if (*nmember == 0L && error_in_archive <= PK_WARN) +diff --git a/zipinfo.c b/zipinfo.c +index 0ac75b3..1e7fa82 100644 +--- a/zipinfo.c ++++ b/zipinfo.c +@@ -833,7 +833,7 @@ int zipinfo(__G) /* return PK-type error code */ + Info(slide, 0x401, + ((char *)slide, LoadFarString(CentSigMsg), j)); + Info(slide, 0x401, +- ((char *)slide, LoadFarString(ReportMsg))); ++ ((char *)slide, "%s", LoadFarString(ReportMsg))); + error_in_archive = PK_BADERR; /* sig not found */ + break; + } +@@ -1022,7 +1022,7 @@ int zipinfo(__G) /* return PK-type error code */ + && (!G.ecrec.is_zip64_archive) + && (memcmp(G.sig, end_central_sig, 4) != 0) + ) { /* just to make sure again */ +- Info(slide, 0x401, ((char *)slide, LoadFarString(EndSigMsg))); ++ Info(slide, 0x401, ((char *)slide, "%s", LoadFarString(EndSigMsg))); + error_in_archive = PK_WARN; /* didn't find sig */ + } + |