authorrillig <rillig@pkgsrc.org>2020-03-26 22:29:47 +0000
committerrillig <rillig@pkgsrc.org>2020-03-26 22:29:47 +0000
commitce696f6aa94800a38faced7ff3cb25c1df4f470a (patch)
treee8044c884a95442293e30ada3e673c817418509d /archivers
parentdb7954fa05b8bd2ebeb470e91d26ad25f501d824 (diff)
downloadpkgsrc-ce696f6aa94800a38faced7ff3cb25c1df4f470a.tar.gz
archivers/unzoo: fix out-of-bounds read when matching non-ASCII
Found by GCC's -Wchar-subscripts.
Diffstat (limited to 'archivers')
-rw-r--r--archivers/unzoo/Makefile3
-rw-r--r--archivers/unzoo/distinfo3
-rw-r--r--archivers/unzoo/patches/patch-unzoo.c41
3 files changed, 45 insertions, 2 deletions
diff --git a/archivers/unzoo/Makefile b/archivers/unzoo/Makefile
index 2dfdfcc68a5..57e403d1452 100644
--- a/archivers/unzoo/Makefile
+++ b/archivers/unzoo/Makefile
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.14 2014/10/09 14:05:54 wiz Exp $
+# $NetBSD: Makefile,v 1.15 2020/03/26 22:29:47 rillig Exp $
#
DISTNAME= unzoo.c
PKGNAME= unzoo-4.4
+PKGREVISION= 1
CATEGORIES= archivers
MASTER_SITES= # no dist site available
EXTRACT_SUFX= # empty
diff --git a/archivers/unzoo/distinfo b/archivers/unzoo/distinfo
index 68ecdf9021c..38f489e1685 100644
--- a/archivers/unzoo/distinfo
+++ b/archivers/unzoo/distinfo
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.3 2015/11/03 00:56:26 agc Exp $
+$NetBSD: distinfo,v 1.4 2020/03/26 22:29:47 rillig Exp $
SHA1 (unzoo.c) = 99a6e9922ccdf5d454c78d3a514d5e33ae17562d
RMD160 (unzoo.c) = f7cf751dc865e73d3c51e4476dd2472e409b20ff
SHA512 (unzoo.c) = d293e244e44af131702550ddefdd035e32de3e7228f6c1c805139d448ba96357931405d313405572c30fc7c8d2ff005cc0ffc4d0ad209f47ee9ec1217ccaed21
Size (unzoo.c) = 115328 bytes
+SHA1 (patch-unzoo.c) = 5b652586c919a8a5a5498c00ae2330620af39ea4
diff --git a/archivers/unzoo/patches/patch-unzoo.c b/archivers/unzoo/patches/patch-unzoo.c
new file mode 100644
index 00000000000..9c39b79a566
--- /dev/null
+++ b/archivers/unzoo/patches/patch-unzoo.c
@@ -0,0 +1,41 @@
+$NetBSD: patch-unzoo.c,v 1.1 2020/03/26 22:29:47 rillig Exp $
+
+unzoo.c: In function 'IsMatchName':
+unzoo.c:1268:40: error: array subscript has type 'char' [-Werror=char-subscripts]
+ else if ( *pat=='?' && ! IsSpec[*str] ) { pat++; str++; }
+ ^
+unzoo.c:1271:40: error: array subscript has type 'char' [-Werror=char-subscripts]
+ else if ( tmp != 0 && ! IsSpec[*tmp] ) { pat = pos; str = ++tmp; }
+ ^
+
+This looks indeed like undefined behavior since the function IsMatchName
+accepts arbitrary filenames, and filenames containing non-ASCII
+characters would access the array outside of its bounds.
+
+On NetBSD-8.0-x86_64 using GCC 5.5.0 the memory below IsSpec is BufArch,
+which means that pattern matching depended on the contents of the archive
+before.
+
+--- unzoo.c.orig 2020-03-26 22:01:16.074248902 +0000
++++ unzoo.c
+@@ -244,6 +244,7 @@
+ *H
+ */
+ #include <stdio.h>
++#include <string.h>
+
+
+ /****************************************************************************
+@@ -1265,10 +1266,10 @@ int IsMatchName ( pat, str )
+ /* try to match the name part */
+ while ( *pat != '\0' || *str != '\0' ) {
+ if ( *pat==*str ) { pat++; str++; }
+- else if ( *pat=='?' && ! IsSpec[*str] ) { pat++; str++; }
++ else if ( *pat=='?' && ! IsSpec[(unsigned char) *str] ) { pat++; str++; }
+ else if ( *pat=='?' && *str != '\0' ) { pat++; str++; }
+ else if ( *pat=='*' ) { pos = ++pat; tmp = str; }
+- else if ( tmp != 0 && ! IsSpec[*tmp] ) { pat = pos; str = ++tmp; }
++ else if ( tmp != 0 && ! IsSpec[(unsigned char) *tmp] ) { pat = pos; str = ++tmp; }
+ else break;
+ }
+ return *pat == '\0' && *str == '\0';
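Review bot: The `(unsigned char)` casts on the two `IsSpec[...]` lookups in the second inner hunk remove the negative index, but the lookup is only in bounds if `IsSpec` has at least `UCHAR_MAX + 1` entries, and its declaration is not visible in this patch. Bytes 0x80–0xFF in a filename now select the upper half of the table, so it is worth confirming the array size and that those entries are initialised the way the matcher expects (presumably zero, i.e. not special). The added `#include <string.h>` in the first inner hunk is not covered by the patch comment; if it is there to supply prototypes for string functions used elsewhere in unzoo.c, a line such as `Also include <string.h> for the missing str*() prototypes.` in the patch header would say so. IsMatchName's body starts outside the hunk.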