|
 |
a995b3 |
From 8f48323c181e20b7e527b8be7229d6eb1148ec5f Mon Sep 17 00:00:00 2001
|
|
|
a995b3 |
From: Guido Draheim <guidod@gmx.de>
|
|
|
a995b3 |
Date: Tue, 13 Mar 2018 00:23:33 +0100
|
|
|
a995b3 |
Subject: [PATCH] check rootseek and rootsize to be positive #27
|
|
|
a995b3 |
|
|
|
a995b3 |
---
|
|
|
a995b3 |
zzip/zip.c | 4 ++++
|
|
|
a995b3 |
1 file changed, 4 insertions(+)
|
|
|
a995b3 |
|
|
|
a995b3 |
diff --git a/zzip/zip.c b/zzip/zip.c
|
|
|
a995b3 |
index a5db9d8..6be8d7c 100644
|
|
|
a995b3 |
--- a/zzip/zip.c
|
|
|
a995b3 |
+++ b/zzip/zip.c
|
|
|
a995b3 |
@@ -318,6 +318,8 @@ __zzip_fetch_disk_trailer(int fd, zzip_off_t filesize,
|
|
|
a995b3 |
trailer->zz_rootseek = zzip_disk_trailer_rootseek(orig);
|
|
|
a995b3 |
trailer->zz_rootsize = zzip_disk_trailer_rootsize(orig);
|
|
|
a995b3 |
# endif
|
|
|
a995b3 |
+ if (trailer->zz_rootseek < 0 || trailer->zz_rootsize < 0)
|
|
|
a995b3 |
+ return(ZZIP_CORRUPTED); // forged value
|
|
|
a995b3 |
|
|
|
a995b3 |
__fixup_rootseek(offset + tail - mapped, trailer);
|
|
|
a995b3 |
/*
|
|
|
a995b3 |
@@ -344,6 +346,8 @@ __zzip_fetch_disk_trailer(int fd, zzip_off_t filesize,
|
|
|
a995b3 |
zzip_disk64_trailer_finalentries(orig);
|
|
|
a995b3 |
trailer->zz_rootseek = zzip_disk64_trailer_rootseek(orig);
|
|
|
a995b3 |
trailer->zz_rootsize = zzip_disk64_trailer_rootsize(orig);
|
|
|
a995b3 |
+ if (trailer->zz_rootseek < 0 || trailer->zz_rootsize < 0)
|
|
|
a995b3 |
+ return(ZZIP_CORRUPTED); // forged value
|
|
|
a995b3 |
/*
|
|
|
a995b3 |
* "extract data from files archived in a single zip file."
|
|
|
a995b3 |
* So the file offsets must be within the current ZIP archive!
|