From 0cd19f9aeb75d020f68fbc5f87c0719ceada5669 Mon Sep 17 00:00:00 2001
From: licihua <licihua@huawei.com>
Date: Wed, 27 Sep 2023 20:51:48 +0800
Subject: [PATCH] fix CVE-2020-18770

---
 backport-CVE-2020-18770.patch | 33 +++++++++++++++++++++++++++++++++
 zziplib.spec                  |  7 ++++++-
 2 files changed, 39 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2020-18770.patch

diff --git a/backport-CVE-2020-18770.patch b/backport-CVE-2020-18770.patch
new file mode 100644
index 0000000..9687103
--- /dev/null
+++ b/backport-CVE-2020-18770.patch
@@ -0,0 +1,33 @@
+From 99462cac1c6581bce36fe17fd1f430cbe114f0af Mon Sep 17 00:00:00 2001
+From: Valentin Lefebvre <valentin.lefebvre@suse.com>
+Date: Wed, 20 Sep 2023 12:04:56 +0200
+Subject: [PATCH] mmappend.c: pre-check header trailer magic
+
+* Avoid potential ASAN:SIGSEGV invalid memory access by pre-check the header
+  trailer magic.
+* CVE-2020-18770
+
+Signed-off-by: Valentin Lefebvre <valentin.lefebvre@suse.com>
+
+---
+ zzip/mmapped.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/zzip/mmapped.c b/zzip/mmapped.c
+index 8af18f4..49990e6 100644
+--- a/zzip/mmapped.c
++++ b/zzip/mmapped.c
+@@ -269,7 +269,9 @@ zzip_disk_entry_to_file_header(ZZIP_DISK * disk, struct zzip_disk_entry *entry)
+         return 0;
+     }
+     ___  struct zzip_file_header *file_header = (void *) ptr;
+-    if (zzip_file_header_get_magic(file_header) != ZZIP_FILE_HEADER_MAGIC)
++    if (file_header != 'P' || /* quick pre-check for trailer magic */
++        zzip_file_header_get_magic(file_header) != ZZIP_FILE_HEADER_MAGIC)
++ 
+     {
+         errno = EBADMSG;
+         return 0;
+-- 
+2.40.1
+
diff --git a/zziplib.spec b/zziplib.spec
index 69b0a9c..0c9406f 100644
--- a/zziplib.spec
+++ b/zziplib.spec
@@ -4,7 +4,7 @@ sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
 
 Name:            zziplib
 Version:         0.13.71
-Release:         4
+Release:         5
 Summary:         Lightweight library for zip compression
 License:         LGPLv2+ or MPLv1.1
 URL:             http://zziplib.sourceforge.net
@@ -18,6 +18,7 @@ Patch6004:       backport-0005-CVE-2020-18442.patch
 Patch6005:       backport-0006-CVE-2020-18442.patch
 Patch6006:       backport-0007-CVE-2020-18442.patch
 Patch6007:       zziplib-0.13.71-sw.patch
+Patch6008:	 backport-CVE-2020-18770.patch
 
 BuildRequires:   perl-interpreter  zip xmlto
 BuildRequires:   zlib-devel SDL-devel pkgconfig autoconf automake gcc make
@@ -60,6 +61,7 @@ sed -i -e 's:docs ::g' Makefile.am
 %patch6005 -p1
 %patch6006 -p1
 %patch6007 -p1
+%patch6008 -p1
 
 %build
 %configure --disable-static --enable-sdl --enable-frame-pointer --enable-builddir=_builddir
@@ -93,6 +95,9 @@ find %{buildroot} -type f -name "*.la" -delete -print
 %{_mandir}/man3/*
 
 %changelog
+* Wed Sep 27 2023 licihua <licihua@huawei.com> - 0.13.71-5
+- fix CVE-2020-18770
+
 * Wed Oct 26 2022 wuzx<wuzx1226@qq.com> - 0.13.71-4
 - Add sw64 architecture
 
-- 
Gitee