Fix CVE-2015-2331 in libzip

2015-09-22 00:59:01 +02:00 · 2015-09-22 00:59:01 +02:00 · 3614547d74
parent 015dfe0f35
commit 3614547d74
2 changed files with 3 additions and 3 deletions
--- a/shlr/zip/zip/zip_dirent.c
+++ b/shlr/zip/zip/zip_dirent.c
@ -108,9 +108,9 @@ _zip_cdir_new(zip_uint64_t nentry, struct zip_error *error)
 	return NULL;
    }

-    if (nentry == 0)
+    if (nentry == 0) {
 	cd->entry = NULL;
-    else if ((cd->entry=(struct zip_entry *)malloc(sizeof(*(cd->entry))*nentry)) == NULL) {
+    } else if ((nentry > SIZE_MAX/sizeof(*(cd->entry))) || (cd->entry=(struct zip_entry *)malloc(sizeof(*(cd->entry))*(size_t)nentry)) == NULL) {
 	_zip_error_set(error, ZIP_ER_MEMORY, 0);
 	free(cd);
 	return NULL;
--- a/sys/ios-sdk.sh
+++ b/sys/ios-sdk.sh
@ -13,7 +13,7 @@ PREFIX="/usr"
 #)
 #fi
 case "$1" in
-arm|armv7)
+''|arm|armv7)
 	CPU=armv7
 	shift
 	;;