diff options
author | Piotr Jastrzebski <haaawk@google.com> | 2014-08-19 15:49:58 +0000 |
---|---|---|
committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2014-08-16 05:59:09 +0000 |
commit | 8fd1f27ed866169684f44f24aeaa5c4722427d18 (patch) | |
tree | 33874952e4627e2a4bea40dc3854f02e4039321c /libziparchive | |
parent | 3e13ed0864944c5fcff9d519eacf1f75c7db652a (diff) | |
parent | 78271ba97b5d867e3597b7fc2257dd1bbd513b05 (diff) | |
download | system_core-8fd1f27ed866169684f44f24aeaa5c4722427d18.tar.gz system_core-8fd1f27ed866169684f44f24aeaa5c4722427d18.tar.bz2 system_core-8fd1f27ed866169684f44f24aeaa5c4722427d18.zip |
Merge "Reject zip archives with entry names containing \0."
Diffstat (limited to 'libziparchive')
-rw-r--r-- | libziparchive/zip_archive.cc | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/libziparchive/zip_archive.cc b/libziparchive/zip_archive.cc index 5f9dc8d40..d5d470036 100644 --- a/libziparchive/zip_archive.cc +++ b/libziparchive/zip_archive.cc @@ -640,9 +640,15 @@ static int32_t ParseZipArchive(ZipArchive* archive) { const uint16_t file_name_length = cdr->file_name_length; const uint16_t extra_length = cdr->extra_field_length; const uint16_t comment_length = cdr->comment_length; + const uint8_t* file_name = ptr + sizeof(CentralDirectoryRecord); + + /* check that file name doesn't contain \0 character */ + if (memchr(file_name, 0, file_name_length) != NULL) { + ALOGW("Zip: entry name can't contain \\0 character"); + goto bail; + } /* add the CDE filename to the hash table */ - const uint8_t* file_name = ptr + sizeof(CentralDirectoryRecord); ZipEntryName entry_name; entry_name.name = file_name; entry_name.name_length = file_name_length; |