Protect for long name and extra fields in contrib/minizip [Vollant].

601b542a · Mark Adler · 0458bbf2 · 601b542a
显示空白变更内容
内联并排

Showing with 17 addition and 7 deletion

contrib/minizip/mztools.c contrib/minizip/mztools.c +17 -7

未找到文件。
--- a/contrib/minizip/mztools.c
+++ b/contrib/minizip/mztools.c
@@ -42,7 +42,7 @@ uLong* bytesRecovered;
    int entries = 0;
    uLong totalBytes = 0;
    char header[30];
-    char filename[256];
+    char filename[1024];
    char extra[1024];
    int offset = 0;
    int offsetCD = 0;
@@ -73,6 +73,7 @@ uLong* bytesRecovered;

        /* Filename */
        if (fnsize > 0) {
+          if (fnsize < sizeof(filename)) {
            if (fread(filename, 1, fnsize, fpZip) == fnsize) {
                if (fwrite(filename, 1, fnsize, fpOut) == fnsize) {
                offset += fnsize;
@@ -84,6 +85,10 @@ uLong* bytesRecovered;
              err = Z_ERRNO;
              break;
            }
+          } else {
+            err = Z_ERRNO;
+            break;
+          }
        } else {
          err = Z_STREAM_ERROR;
          break;
@@ -91,6 +96,7 @@ uLong* bytesRecovered;

        /* Extra field */
        if (extsize > 0) {
+          if (extsize < sizeof(extra)) {
            if (fread(extra, 1, extsize, fpZip) == extsize) {
              if (fwrite(extra, 1, extsize, fpOut) == extsize) {
                offset += extsize;
@@ -102,6 +108,10 @@ uLong* bytesRecovered;
              err = Z_ERRNO;
              break;
            }
+          } else {
+            err = Z_ERRNO;
+            break;
+          }
        }

        /* Data */