mchapman/zlib
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Protect for long name and extra fields in contrib/minizip [Vollant].

Browse Source
This commit is contained in:
Mark Adler
2012-01-21 11:51:54 -08:00
parent 0458bbf2c0
commit 601b542a9d
1 changed files with 17 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
contrib/minizip/mztools.c
View File

@@ -42,7 +42,7 @@ uLong* bytesRecovered;
int entries = 0; int entries = 0;
uLong totalBytes = 0; uLong totalBytes = 0;
char header[30]; char header[30];
char filename[256]; char filename[1024];
char extra[1024]; char extra[1024];
int offset = 0; int offset = 0;
int offsetCD = 0; int offsetCD = 0;
@@ -73,6 +73,7 @@ uLong* bytesRecovered;
/* Filename */ /* Filename */
if (fnsize > 0) { if (fnsize > 0) {
if (fnsize < sizeof(filename)) {
if (fread(filename, 1, fnsize, fpZip) == fnsize) { if (fread(filename, 1, fnsize, fpZip) == fnsize) {
if (fwrite(filename, 1, fnsize, fpOut) == fnsize) { if (fwrite(filename, 1, fnsize, fpOut) == fnsize) {
offset += fnsize; offset += fnsize;
@@ -84,6 +85,10 @@ uLong* bytesRecovered;
err = Z_ERRNO; err = Z_ERRNO;
break; break;
} }
} else {
err = Z_ERRNO;
break;
}
} else { } else {
err = Z_STREAM_ERROR; err = Z_STREAM_ERROR;
break; break;
@@ -91,6 +96,7 @@ uLong* bytesRecovered;
/* Extra field */ /* Extra field */
if (extsize > 0) { if (extsize > 0) {
if (extsize < sizeof(extra)) {
if (fread(extra, 1, extsize, fpZip) == extsize) { if (fread(extra, 1, extsize, fpZip) == extsize) {
if (fwrite(extra, 1, extsize, fpOut) == extsize) { if (fwrite(extra, 1, extsize, fpOut) == extsize) {
offset += extsize; offset += extsize;
@@ -102,6 +108,10 @@ uLong* bytesRecovered;
err = Z_ERRNO; err = Z_ERRNO;
break; break;
} }
} else {
err = Z_ERRNO;
break;
}
} }
/* Data */ /* Data */