check rootseek and rootsize to be positive #27
authorGuido Draheim <guidod@gmx.de>
Mon, 12 Mar 2018 23:23:33 +0000 (00:23 +0100)
committerGuido Draheim <guidod@gmx.de>
Mon, 12 Mar 2018 23:23:33 +0000 (00:23 +0100)
zzip/zip.c

index a5db9d8cf9ce856e286e222dac3b5f8f053c4157..6be8d7c8f944bbf4aece8cc5f164c45933227669 100644 (file)
@@ -318,6 +318,8 @@ __zzip_fetch_disk_trailer(int fd, zzip_off_t filesize,
                     trailer->zz_rootseek = zzip_disk_trailer_rootseek(orig);
                     trailer->zz_rootsize = zzip_disk_trailer_rootsize(orig);
 #                  endif
+                    if (trailer->zz_rootseek < 0 || trailer->zz_rootsize < 0)
+                       return(ZZIP_CORRUPTED); // forged value
 
                     __fixup_rootseek(offset + tail - mapped, trailer);
                    /*
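Review bot: The added sign check sits before `__fixup_rootseek(offset + tail - mapped, trailer)`, so it validates only the values read from disk and not whatever that call leaves in the trailer. The helper's definition is outside this hunk; if it rewrites `zz_rootseek` or derives an offset from `zz_rootsize`, that result is still computed from attacker-controlled fields and should be checked as well. Repeating `if (trailer->zz_rootseek < 0 || trailer->zz_rootsize < 0) return(ZZIP_CORRUPTED);` directly after the call would cover it. Replacing `// forged value` with a comment naming which trailer fields the fixup may change would let a reader confirm the ordering. `__zzip_fetch_disk_trailer` starts and ends outside the hunk.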
@@ -344,6 +346,8 @@ __zzip_fetch_disk_trailer(int fd, zzip_off_t filesize,
                         zzip_disk64_trailer_finalentries(orig);
                     trailer->zz_rootseek = zzip_disk64_trailer_rootseek(orig);
                     trailer->zz_rootsize = zzip_disk64_trailer_rootsize(orig);
+                    if (trailer->zz_rootseek < 0 || trailer->zz_rootsize < 0)
+                       return(ZZIP_CORRUPTED); // forged value
                    /*
                     * "extract data from files archived in a single zip file."
                     * So the file offsets must be within the current ZIP archive!
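Review bot: Rejecting negative values at `if (trailer->zz_rootseek < 0 || trailer->zz_rootsize < 0)` leaves the upper end open, so two large positive fields from a crafted trailer pass this check. The comment that follows announces a range check which lies outside the hunk; if that check adds the two fields, the signed sum can overflow and wrap below `filesize`. Writing the bound in subtraction form avoids this: `if (trailer->zz_rootseek >= filesize || trailer->zz_rootsize > filesize - trailer->zz_rootseek) return(ZZIP_CORRUPTED);`. The same applies to the identical check added in the first hunk for the 32-bit trailer.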