From: Guido Draheim <guidod@gmx.de>
Date: Mon, 12 Mar 2018 23:23:33 +0000 (+0100)
Subject: check rootseek and rootsize to be positive #27
X-Git-Tag: v0.13.69~12
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=8f48323c181e20b7e527b8be7229d6eb1148ec5f;p=zziplib

check rootseek and rootsize to be positive #27
---

diff --git a/zzip/zip.c b/zzip/zip.c
index a5db9d8..6be8d7c 100644
--- a/zzip/zip.c
+++ b/zzip/zip.c
@@ -318,6 +318,8 @@ __zzip_fetch_disk_trailer(int fd, zzip_off_t filesize,
                     trailer->zz_rootseek = zzip_disk_trailer_rootseek(orig);
                     trailer->zz_rootsize = zzip_disk_trailer_rootsize(orig);
 #                  endif
+                    if (trailer->zz_rootseek < 0 || trailer->zz_rootsize < 0)
+                       return(ZZIP_CORRUPTED); // forged value
 
                     __fixup_rootseek(offset + tail - mapped, trailer);
 		    /*
@@ -344,6 +346,8 @@ __zzip_fetch_disk_trailer(int fd, zzip_off_t filesize,
                         zzip_disk64_trailer_finalentries(orig);
                     trailer->zz_rootseek = zzip_disk64_trailer_rootseek(orig);
                     trailer->zz_rootsize = zzip_disk64_trailer_rootsize(orig);
+                    if (trailer->zz_rootseek < 0 || trailer->zz_rootsize < 0)
+                       return(ZZIP_CORRUPTED); // forged value
 		    /*
 		     * "extract data from files archived in a single zip file."
 		     * So the file offsets must be within the current ZIP archive!