-
Notifications
You must be signed in to change notification settings - Fork 50
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
error: Incorrect handling of function 'zzip_fread' return value #68
Comments
@gdraheim can we consider this issue fixed? |
Yes, I think it's been fixed. |
If your PoC doesn't hang in a infinite loop anymore I think you're ok to close this issue |
CVE-2020-18442 is assigned for this issue |
Has CVE-2020-18442 been fixed? I find that the patch has not been incorporated into the mainline branch. |
All the above commits are both part of |
Sorry, it was an oversight on my part. So has CVE-2020-18442 been fixed? I find that the issue is still open. |
Hello, I found a bug of zziplib on the lastest commit b7747bc. It's in the function unzzip_cat_file (unzzipcat-zip.c:37) , and it is caused by incorrect handling of the return value of the function ‘zzip_fread’.
Relevant code in function unzzip_cat_file in unzzipcat-zip.c:
POC.zip
Using the POC file, I find that the function zzip_file_read returns -1. And it is handled incorrectly in the caller (unzzip_cat_file), which leads to an infinite loop.
The text was updated successfully, but these errors were encountered: