The ZZIPlib provides read access on ZIP-archives and unpacked data. It features an additional simplified API following the standard Posix API for file access.
parse_root_dir: Verify size of extra obtained #169
Fix #164, where extra_ptr could be allocated without enough bytes to check the magic value.
Indeed, ZZIP_EXTRA_ZIP64_CHECK, or later in the code, will call ZZIP_GETEXTRA(), where it gets the first 2 bytes to check the magic number.
However, there is no verification of the size allocated for extras_ptr: depending on the value of u_extras, extras_ptr could be allocated with 1 byte (which is what happened with the POC provided in the bug description). We should be sure that u_extra allocates extras_ptr with more than 2 bytes, or better, at least the same value as the size of the zzip_extra_zip64 struct.
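The length check the description asks for, as an added example that is not zziplib's code or the patch from this pull request: a bounds-checked walk over a ZIP extra-field area that never reads the 2-byte header ID unless the buffer holds a full header. The helper names (`rd16le`, `extra_find`) and the sample buffers are hypothetical; the layout assumed is the standard ZIP extra-field format (little-endian 2-byte header ID, 2-byte data size, then data), with 0x0001 as the ZIP64 header ID.

```c
#include <stddef.h>
#include <stdint.h>

#define EXTRA_HDR_LEN 4u        /* 2-byte header ID + 2-byte data size */
#define EXTRA_ID_ZIP64 0x0001u  /* ZIP64 extended information header ID */

/* Read a little-endian 16-bit value; caller guarantees 2 readable bytes. */
static uint16_t rd16le(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

/*
 * Hypothetical helper: walk an extra-field area of `len` bytes and return the
 * offset of the first block with header ID `want_id` whose total size is at
 * least `min_total` bytes, or -1. Every read is preceded by a length check.
 */
static long extra_find(const uint8_t *buf, size_t len,
                       uint16_t want_id, size_t min_total)
{
    size_t off = 0;

    while (len - off >= EXTRA_HDR_LEN) {   /* header fully inside buffer */
        uint16_t id = rd16le(buf + off);
        size_t total = EXTRA_HDR_LEN + rd16le(buf + off + 2);
        if (total > len - off)
            return -1;                     /* block claims to run past the end */
        if (id == want_id && total >= min_total)
            return (long)off;
        off += total;
    }
    return -1;                             /* too short, or not found */
}

/* Constructed sample inputs (not taken from the bug report). */
static const uint8_t one_byte[] = { 0x01 };
static const uint8_t truncated[] = { 0x01, 0x00, 0x10, 0x00, 0xAA };
static const uint8_t valid[] = {
    0x55, 0x54, 0x01, 0x00, 0x00,          /* unrelated block, 1 data byte */
    0x01, 0x00, 0x08, 0x00,                /* ZIP64 ID, 8 data bytes */
    1, 2, 3, 4, 5, 6, 7, 8
};

int main(void)
{
    return (extra_find(one_byte, sizeof one_byte, EXTRA_ID_ZIP64, 4) == -1 &&
            extra_find(truncated, sizeof truncated, EXTRA_ID_ZIP64, 4) == -1 &&
            extra_find(valid, sizeof valid, EXTRA_ID_ZIP64, 12) == 5) ? 0 : 1;
}
```

Passing the size of the structure the caller intends to overlay as `min_total` rejects a block that has the right magic but is too small to be read as that structure.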