From dd8f50c3174b4374938b92ef18faf8400214f756 Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann <stoeckmann@users.noreply.github.com>
Date: Fri, 10 May 2024 01:32:09 +0200
Subject: [PATCH] unzip: Unify EOF handling (#2175)

If EOF is encountered while reading the new filename after choosing 'r',
avoid out of boundary access and usage of undefined memory content by
treating it the same way as if the question itself was not answered.
---
 unzip/bsdunzip.c | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/unzip/bsdunzip.c b/unzip/bsdunzip.c
index af3fb14c3..cec181048 100644
--- a/unzip/bsdunzip.c
+++ b/unzip/bsdunzip.c
@@ -484,13 +484,8 @@ handle_existing_file(char **path)
 		fprintf(stderr,
 		    "replace %s? [y]es, [n]o, [A]ll, [N]one, [r]ename: ",
 		    *path);
-		if (fgets(buf, sizeof(buf), stdin) == NULL) {
-			clearerr(stdin);
-			printf("NULL\n(EOF or read error, "
-			    "treating as \"[N]one\"...)\n");
-			n_opt = 1;
-			return -1;
-		}
+		if (fgets(buf, sizeof(buf), stdin) == NULL)
+			goto stdin_err;
 		switch (*buf) {
 		case 'A':
 			o_opt = 1;
@@ -512,6 +507,8 @@ handle_existing_file(char **path)
 			*path = NULL;
 			alen = 0;
 			len = getline(path, &alen, stdin);
+			if (len < 1)
+				goto stdin_err;
 			if ((*path)[len - 1] == '\n')
 				(*path)[len - 1] = '\0';
 			return 0;
@@ -519,6 +516,12 @@ handle_existing_file(char **path)
 			break;
 		}
 	}
+stdin_err:
+	clearerr(stdin);
+	printf("NULL\n(EOF or read error, "
+		"treating as \"[N]one\"...)\n");
+	n_opt = 1;
+	return -1;
 }
 
 /*
-- 
2.47.3