__zzip_parse_root_directory: Check if rootsize is non-0 and rootseek

gdraheim / zziplib

The ZZIPlib provides read access on ZIP-archives and unpacked data. It features an additional simplified API following the standard Posix API for file access

Other

62 stars 50 forks source link

__zzip_parse_root_directory: Check if rootsize is non-0 and rootseek #48

Closed jmoellers closed 6 years ago

jmoellers commented 6 years ago

__zzip_parse_root_directory: Check if rootsize is non-0 and rootseek lies within the archive. Fixes CVE-2018-7726 and issue/41

gdraheim commented 6 years ago

patch did not compile.
patch did double a test.