gdraheim / zziplib

The ZZIPlib provides read access on ZIP-archives and unpacked data. It features an additional simplified API following the standard Posix API for file access

parse_root_dir: Verify size of extra obtained #169

Closed keentux closed 1 month ago

keentux commented 1 month ago

Fix #164, where extra_ptr could be allocated without enough bytes to check the magic value.

Indeed, ZZIP_EXTRA_ZIP64_CHECK, or code later on, will call ZZIP_GETEXTRA(), which reads the first 2 bytes to check the magic number. However, there is no verification of the size allocated for extras_ptr: depending on the value of u_extras, extras_ptr could be allocated with only 1 byte (which is what happened with the POC provided in the bug description). We should make sure that u_extra allocates extras_ptr with more than 2 bytes, or better, with at least the size of the zzip_extra_zip64 struct.

keentux commented 1 month ago

Also fix issue #166

gdraheim commented 1 month ago

Some tests failed and showed that there are zip files around that do not encode the full ZIP64 entries block.

keentux commented 1 month ago

Oh, thanks for the verification.
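The two constraints raised in this thread (never read the 2-byte magic from an extra area that is too short, and do not reject archives whose ZIP64 block is shorter than the full struct) can be met together by checking lengths per read. The following is an added example, not zziplib code or the patch from this PR; `find_zip64_extra`, `zip64_u64_at` and the sample byte arrays are hypothetical names and constructed data, and 0x0001 is the ZIP64 extended information header ID from the ZIP format specification.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define EXTRA_ID_ZIP64 0x0001u /* ZIP64 extended information header ID */

/* Constructed samples: 1-byte area, 8-byte (partial) ZIP64 block, truncated block. */
const uint8_t one_byte[]  = { 0x01 };
const uint8_t partial[]   = { 0x01, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0, 0, 0 };
const uint8_t truncated[] = { 0x01, 0x00, 0x10, 0x00, 0xAA, 0xBB };

/* Little-endian readers; callers guarantee the bytes are in bounds. */
static uint16_t get_le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint64_t get_le64(const uint8_t *p) {
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--) v = (v << 8) | p[i];
    return v;
}

/* Locate the ZIP64 block in an extra area of len bytes.
 * Returns 1 (found; data and dlen are set), 0 (absent), -1 (a block overruns the area). */
int find_zip64_extra(const uint8_t *extra, size_t len, const uint8_t **data, size_t *dlen) {
    size_t off = 0;
    while (len - off >= 4) {                 /* need id + size before reading either */
        uint16_t id   = get_le16(extra + off);
        uint16_t size = get_le16(extra + off + 2);
        if (size > len - off - 4) return -1; /* declared payload exceeds what is left */
        if (id == EXTRA_ID_ZIP64) { *data = extra + off + 4; *dlen = size; return 1; }
        off += 4 + (size_t)size;
    }
    return 0;                                /* fewer than 4 bytes left: nothing to read */
}

/* Fetch the index-th 8-byte value only if the block is long enough to hold it.
 * A ZIP64 block may carry fewer than all of its fields, so length is checked per field. */
int zip64_u64_at(const uint8_t *data, size_t dlen, size_t index, uint64_t *out) {
    if (index >= dlen / 8) return 0;
    *out = get_le64(data + index * 8);
    return 1;
}

int main(void) {
    const uint8_t *d = NULL; size_t n = 0; uint64_t v = 0, w = 0;
    printf("one_byte:  %d\n", find_zip64_extra(one_byte, sizeof one_byte, &d, &n));
    printf("truncated: %d\n", find_zip64_extra(truncated, sizeof truncated, &d, &n));
    if (find_zip64_extra(partial, sizeof partial, &d, &n) == 1 && zip64_u64_at(d, n, 0, &v))
        printf("partial:   first field = %llu, second present = %d\n",
               (unsigned long long)v, zip64_u64_at(d, n, 1, &w));
    return 0;
}
```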