do not use the information therein.
- If the End of central directory record (EOCD) contains an
Offset of start of central directory which is beyond the end of
the file, reject the file.
[CVE-2018-6540]
char* ext_end = ext + entry->zz_extlen[i];
if (ext)
{
- while (ext + zzip_extra_block_headerlength <= ext_end)
+ /*
+ * Make sure that
+ * 1) the extra block header
+ * AND
+ * 2) the block we're looking for
+ * fit into the extra block!
+ */
+ while (ext + zzip_extra_block_headerlength + blocksize <= ext_end)
{
if (datatype == zzip_extra_block_get_datatype(ext))
{
errno = EBADMSG;
return 0;
}
+ if (root >= disk->endbuf)
+ {
+ DBG1("root behind endbuf should be impossible");
+ errno = EBADMSG;
+ return 0;
+ }
if (zzip_disk_entry_check_magic(root))
{
DBG1("found the disk root");