diff options
author | Mark Adler <madler@alumni.caltech.edu> | 2012-01-21 11:51:54 -0800 |
---|---|---|
committer | Mark Adler <madler@alumni.caltech.edu> | 2012-01-21 11:58:45 -0800 |
commit | 601b542a9d6c3689fce1414ec089d5f193656faa (patch) | |
tree | 4f9b82cf4ab45bb635c2af1ac3dd2a9ed5c93e5c | |
parent | 0458bbf2c0cbc41ff06c4db3da0f63ab0785d801 (diff) | |
download | zlib-601b542a9d6c3689fce1414ec089d5f193656faa.tar.gz |
Protect for long name and extra fields in contrib/minizip [Vollant].
-rw-r--r-- | contrib/minizip/mztools.c | 24 |
1 files changed, 17 insertions, 7 deletions
diff --git a/contrib/minizip/mztools.c b/contrib/minizip/mztools.c index f9092e6..96891c2 100644 --- a/contrib/minizip/mztools.c +++ b/contrib/minizip/mztools.c @@ -42,7 +42,7 @@ uLong* bytesRecovered; int entries = 0; uLong totalBytes = 0; char header[30]; - char filename[256]; + char filename[1024]; char extra[1024]; int offset = 0; int offsetCD = 0; @@ -73,9 +73,14 @@ uLong* bytesRecovered; /* Filename */ if (fnsize > 0) { - if (fread(filename, 1, fnsize, fpZip) == fnsize) { - if (fwrite(filename, 1, fnsize, fpOut) == fnsize) { - offset += fnsize; + if (fnsize < sizeof(filename)) { + if (fread(filename, 1, fnsize, fpZip) == fnsize) { + if (fwrite(filename, 1, fnsize, fpOut) == fnsize) { + offset += fnsize; + } else { + err = Z_ERRNO; + break; + } } else { err = Z_ERRNO; break; @@ -91,9 +96,14 @@ uLong* bytesRecovered; /* Extra field */ if (extsize > 0) { - if (fread(extra, 1, extsize, fpZip) == extsize) { - if (fwrite(extra, 1, extsize, fpOut) == extsize) { - offset += extsize; + if (extsize < sizeof(extra)) { + if (fread(extra, 1, extsize, fpZip) == extsize) { + if (fwrite(extra, 1, extsize, fpOut) == extsize) { + offset += extsize; + } else { + err = Z_ERRNO; + break; + } } else { err = Z_ERRNO; break; |