openkylin
/
platform_system_core
mirror of https://gitee.com/openkylin/platform_system_core.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge "Reject zip archives with entry names containing \0."

This commit is contained in:
Piotr Jastrzebski 2014-08-19 15:49:58 +00:00 committed by Gerrit Code Review
parent 3e13ed0864 78271ba97b
commit 8fd1f27ed8
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
libziparchive/zip_archive.cc
View File

@ -640,9 +640,15 @@ static int32_t ParseZipArchive(ZipArchive* archive) {
const uint16_t file_name_length = cdr->file_name_length;
const uint16_t extra_length = cdr->extra_field_length;
const uint16_t comment_length = cdr->comment_length;
const uint8_t* file_name = ptr + sizeof(CentralDirectoryRecord);
/* check that file name doesn't contain \0 character */
if (memchr(file_name, 0, file_name_length) != NULL) {
ALOGW("Zip: entry name can't contain \\0 character");
goto bail;
}
/* add the CDE filename to the hash table */
const uint8_t* file_name = ptr + sizeof(CentralDirectoryRecord);
ZipEntryName entry_name;
entry_name.name = file_name;
entry_name.name_length = file_name_length;