]> granicus.if.org Git - zziplib/commitdiff
check strdup being possible null / CVE-2017-5978
authorGuido Draheim <guidod@gmx.de>
Thu, 20 Apr 2017 21:25:21 +0000 (23:25 +0200)
committerGuido Draheim <guidod@gmx.de>
Thu, 20 Apr 2017 21:25:21 +0000 (23:25 +0200)
zzip/memdisk.c

index de14497e81a39040f9cae2cf6521ba4eb71b4d83..9a300ea05227a589df848d40252d43a2c106c5a4 100644 (file)
@@ -193,6 +193,11 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZIP_DISK_ENTRY * entry)
     item->zz_usize = zzip_disk_entry_get_usize(entry);
     item->zz_diskstart = zzip_disk_entry_get_diskstart(entry);
     item->zz_filetype = zzip_disk_entry_get_filetype(entry);
+    
+    if (! item->zz_comment || ! item->zz_name)
+    {
+        goto error; /* errno=ENOMEM */
+    }
 
     {   /* copy the extra blocks to memory as well (maximum 64K each) */
         zzip_size_t /*    */ ext1_len = zzip_disk_entry_get_extras(entry);