The branch stable/13 has been updated by nyan:
URL:
https://cgit.FreeBSD.org/src/commit/?id=3bfe213143c562154e04d840380651f182df04de
commit 3bfe213143c562154e04d840380651f182df04de
Author: Yoshihiro Takahashi <n...@freebsd.org>
AuthorDate: 2021-10-10 11:49:19 +0000
Commit: Yoshihiro Takahashi <n...@freebsd.org>
CommitDate: 2021-10-18 11:16:02 +0000
unzip: Fix segmentation fault if a zip file contains buggy filename.
PR: 259011
Reported by: Robert Morris
Submitted by: ak
(cherry picked from commit 2c614481fd5248c1685e713f67d40cf2d5fba494)
---
usr.bin/unzip/unzip.c | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/usr.bin/unzip/unzip.c b/usr.bin/unzip/unzip.c
index e5ca1ff2c939..0b564b0f08ec 100644
--- a/usr.bin/unzip/unzip.c
+++ b/usr.bin/unzip/unzip.c
@@ -211,6 +211,9 @@ pathdup(const char *path)
char *str;
size_t i, len;
+ if (path == NULL || path[0] == '\0')
+ return (NULL);
+
len = strlen(path);
while (len && path[len - 1] == '/')
len--;
@@ -697,7 +700,11 @@ extract(struct archive *a, struct archive_entry *e)
mode_t filetype;
char *p, *q;
- pathname = pathdup(archive_entry_pathname(e));
+ if ((pathname = pathdup(archive_entry_pathname(e))) == NULL) {
+ warningx("skipping empty or unreadable filename entry");
+ ac(archive_read_data_skip(a));
+ return;
+ }
filetype = archive_entry_filetype(e);
/* sanity checks */
@@ -760,7 +767,11 @@ extract_stdout(struct archive *a, struct archive_entry *e)
char *pathname;
mode_t filetype;
- pathname = pathdup(archive_entry_pathname(e));
+ if ((pathname = pathdup(archive_entry_pathname(e))) == NULL) {
+ warningx("skipping empty or unreadable filename entry");
+ ac(archive_read_data_skip(a));
+ return;
+ }
filetype = archive_entry_filetype(e);
/* I don't think this can happen in a zipfile.. */
