49 lines
1.5 KiB
Diff
49 lines
1.5 KiB
Diff
From 1ba660b3300d67b8ce9f6b96bbae0b36fa2d6b06 Mon Sep 17 00:00:00 2001
|
|
From: Guido Draheim <guidod@gmx.de>
|
|
Date: Tue, 13 Mar 2018 01:29:44 +0100
|
|
Subject: [PATCH] check zlib space to be within buffer #39
|
|
|
|
---
|
|
zzip/memdisk.c | 9 +++++++++
|
|
zzip/mmapped.c | 2 ++
|
|
2 files changed, 11 insertions(+)
|
|
|
|
diff --git a/zzip/memdisk.c b/zzip/memdisk.c
|
|
index 3de201c..8d5743d 100644
|
|
--- a/zzip/memdisk.c
|
|
+++ b/zzip/memdisk.c
|
|
@@ -521,11 +521,20 @@ zzip_mem_entry_fopen(ZZIP_MEM_DISK * dir, ZZIP_MEM_ENTRY * entry)
|
|
file->zlib.avail_in = zzip_mem_entry_csize(entry);
|
|
file->zlib.next_in = zzip_mem_entry_to_data(entry);
|
|
|
|
+ debug2("compressed size %i", (int) file->zlib.avail_in);
|
|
+ if (file->zlib.next_in + file->zlib.avail_in >= file->endbuf)
|
|
+ goto error;
|
|
+ if (file->zlib.next_in < file->buffer)
|
|
+ goto error;
|
|
+
|
|
if (! zzip_mem_entry_data_deflated(entry) ||
|
|
inflateInit2(&file->zlib, -MAX_WBITS) != Z_OK)
|
|
{ free (file); return 0; }
|
|
|
|
return file;
|
|
+error:
|
|
+ errno = EBADMSG;
|
|
+ return NULL;
|
|
}
|
|
|
|
zzip__new__ ZZIP_MEM_DISK_FILE *
|
|
diff --git a/zzip/mmapped.c b/zzip/mmapped.c
|
|
index 920c4df..8af18f4 100644
|
|
--- a/zzip/mmapped.c
|
|
+++ b/zzip/mmapped.c
|
|
@@ -654,6 +654,8 @@ zzip_disk_entry_fopen(ZZIP_DISK * disk, ZZIP_DISK_ENTRY * entry)
|
|
DBG2("compressed size %i", (int) file->zlib.avail_in);
|
|
if (file->zlib.next_in + file->zlib.avail_in >= disk->endbuf)
|
|
goto error;
|
|
+ if (file->zlib.next_in < disk->buffer)
|
|
+ goto error;
|
|
|
|
if (! zzip_file_header_data_deflated(header))
|
|
goto error;
|