diff options
| author | Mark Adler <madler@alumni.caltech.edu> | 2012-01-21 11:51:54 -0800 |
|---|---|---|
| committer | Mark Adler <madler@alumni.caltech.edu> | 2012-01-21 11:58:45 -0800 |
| commit | 601b542a9d6c3689fce1414ec089d5f193656faa (patch) | |
| tree | 4f9b82cf4ab45bb635c2af1ac3dd2a9ed5c93e5c /contrib | |
| parent | 0458bbf2c0cbc41ff06c4db3da0f63ab0785d801 (diff) | |
| download | zlib-601b542a9d6c3689fce1414ec089d5f193656faa.tar.gz zlib-601b542a9d6c3689fce1414ec089d5f193656faa.tar.bz2 zlib-601b542a9d6c3689fce1414ec089d5f193656faa.zip | |
Protect for long name and extra fields in contrib/minizip [Vollant].
Diffstat (limited to 'contrib')
| -rw-r--r-- | contrib/minizip/mztools.c | 24 |
1 files changed, 17 insertions, 7 deletions
diff --git a/contrib/minizip/mztools.c b/contrib/minizip/mztools.c index f9092e6..96891c2 100644 --- a/contrib/minizip/mztools.c +++ b/contrib/minizip/mztools.c | |||
| @@ -42,7 +42,7 @@ uLong* bytesRecovered; | |||
| 42 | int entries = 0; | 42 | int entries = 0; |
| 43 | uLong totalBytes = 0; | 43 | uLong totalBytes = 0; |
| 44 | char header[30]; | 44 | char header[30]; |
| 45 | char filename[256]; | 45 | char filename[1024]; |
| 46 | char extra[1024]; | 46 | char extra[1024]; |
| 47 | int offset = 0; | 47 | int offset = 0; |
| 48 | int offsetCD = 0; | 48 | int offsetCD = 0; |
| @@ -73,9 +73,14 @@ uLong* bytesRecovered; | |||
| 73 | 73 | ||
| 74 | /* Filename */ | 74 | /* Filename */ |
| 75 | if (fnsize > 0) { | 75 | if (fnsize > 0) { |
| 76 | if (fread(filename, 1, fnsize, fpZip) == fnsize) { | 76 | if (fnsize < sizeof(filename)) { |
| 77 | if (fwrite(filename, 1, fnsize, fpOut) == fnsize) { | 77 | if (fread(filename, 1, fnsize, fpZip) == fnsize) { |
| 78 | offset += fnsize; | 78 | if (fwrite(filename, 1, fnsize, fpOut) == fnsize) { |
| 79 | offset += fnsize; | ||
| 80 | } else { | ||
| 81 | err = Z_ERRNO; | ||
| 82 | break; | ||
| 83 | } | ||
| 79 | } else { | 84 | } else { |
| 80 | err = Z_ERRNO; | 85 | err = Z_ERRNO; |
| 81 | break; | 86 | break; |
| @@ -91,9 +96,14 @@ uLong* bytesRecovered; | |||
| 91 | 96 | ||
| 92 | /* Extra field */ | 97 | /* Extra field */ |
| 93 | if (extsize > 0) { | 98 | if (extsize > 0) { |
| 94 | if (fread(extra, 1, extsize, fpZip) == extsize) { | 99 | if (extsize < sizeof(extra)) { |
| 95 | if (fwrite(extra, 1, extsize, fpOut) == extsize) { | 100 | if (fread(extra, 1, extsize, fpZip) == extsize) { |
| 96 | offset += extsize; | 101 | if (fwrite(extra, 1, extsize, fpOut) == extsize) { |
| 102 | offset += extsize; | ||
| 103 | } else { | ||
| 104 | err = Z_ERRNO; | ||
| 105 | break; | ||
| 106 | } | ||
| 97 | } else { | 107 | } else { |
| 98 | err = Z_ERRNO; | 108 | err = Z_ERRNO; |
| 99 | break; | 109 | break; |