From 8f48323c181e20b7e527b8be7229d6eb1148ec5f Mon Sep 17 00:00:00 2001
|
|
From: Guido Draheim <guidod@gmx.de>
|
|
Date: Tue, 13 Mar 2018 00:23:33 +0100
|
|
Subject: [PATCH] check rootseek and rootsize to be positive #27
|
|
|
|
---
|
|
zzip/zip.c | 4 ++++
|
|
1 file changed, 4 insertions(+)
|
|
|
|
diff --git a/zzip/zip.c b/zzip/zip.c
|
|
index a5db9d8..6be8d7c 100644
|
|
--- a/zzip/zip.c
|
|
+++ b/zzip/zip.c
|
|
@@ -318,6 +318,8 @@ __zzip_fetch_disk_trailer(int fd, zzip_off_t filesize,
|
|
trailer->zz_rootseek = zzip_disk_trailer_rootseek(orig);
|
|
trailer->zz_rootsize = zzip_disk_trailer_rootsize(orig);
|
|
# endif
|
|
+ if (trailer->zz_rootseek < 0 || trailer->zz_rootsize < 0)
|
|
+ return(ZZIP_CORRUPTED); // forged value
|
|
|
|
__fixup_rootseek(offset + tail - mapped, trailer);
|
|
/*
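Review bot: The new sign check runs before `__fixup_rootseek(offset + tail - mapped, trailer)`, so if that helper rewrites `zz_rootseek` (its name suggests it does), the adjusted value is not validated anywhere in the visible lines; repeating the test after the fixup would close that gap. The direct `return(ZZIP_CORRUPTED)` also exits from the middle of `__zzip_fetch_disk_trailer`, whose body starts and ends outside the hunk; the `mapped` variable hints that a buffer or mapping is held at this point, so confirm the early exit releases it. A comment such as `/* both fields are read straight from the archive; a negative value means a corrupt or hostile trailer */` would say more than `// forged value`. The same points apply to the identical check in the second hunk.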
|
|
@@ -344,6 +346,8 @@ __zzip_fetch_disk_trailer(int fd, zzip_off_t filesize,
|
|
zzip_disk64_trailer_finalentries(orig);
|
|
trailer->zz_rootseek = zzip_disk64_trailer_rootseek(orig);
|
|
trailer->zz_rootsize = zzip_disk64_trailer_rootsize(orig);
|
|
+ if (trailer->zz_rootseek < 0 || trailer->zz_rootsize < 0)
|
|
+ return(ZZIP_CORRUPTED); // forged value
|
|
/*
|
|
* "extract data from files archived in a single zip file."
|
|
* So the file offsets must be within the current ZIP archive!
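Review bot: Rejecting negative fields does not by itself enforce the rule in the comment that follows, that offsets must lie within the archive, because two large positive values still pass. If the bounds test that comment introduces (outside the hunk) adds `zz_rootseek + zz_rootsize`, the sum can overflow what appears to be a signed offset type; comparing by subtraction avoids that, e.g. `trailer->zz_rootsize > filesize - trailer->zz_rootseek`, applied once `zz_rootseek` is known to be within `0..filesize`. `filesize` is the parameter shown in the hunk header; whether such a test already exists below cannot be seen from here.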
|