This patch will upgrade the unzip code to the latest version. The only downside is that it adds an external dependency for zlib, but that isn't too much of a problem since it is present on most systems. I also provide a prebuilt static library of zlib for Windows systems because they don't have it.
I suppose the benefit is that our existing copy of unzip.c appears to contain a cut-and-paste of most of zlib 1.1.3, which has known bugs:
zlib Compression Library Corrupts malloc Data Structures via Double Free:
http://zlib.net/advisory-2002-03-11.txt
zlib inflate() routine vulnerable to buffer overflow:
http://www.kb.cert.org/vuls/id/680620
The zlib compression library is vulnerable to a denial-of-service condition:
http://www.kb.cert.org/vuls/id/238678
...so theoretically a malicious pk3 file downloaded from a server could own your box.
This might be worth doing. :/
--ryan.
Created attachment 1867: Patch based on svn 1470
Created attachment 1868: code/libs/win32/libz.a
Created attachment 1869: Integrate the unzip part of zlib directly into the source tree like libspeex