Skip to content

Commit

Permalink
Added max_seek parameter to mz_zip_extrafield_find to limit the amoun…
Browse files Browse the repository at this point in the history 
…t we search for extrafield. zlib-ng#543

Co-authored-by: Vlad Lipskiy <[email protected]>
  • Loading branch information
@nmoinvaz @Eswcvlad
nmoinvaz and Eswcvlad committed Dec 23, 2020
1 parent 3d83acd commit 8f76968
Show file tree
Hide file tree
Showing 4 changed files with 18 additions and 9 deletions.
3 changes: 2 additions & 1 deletion doc/mz_zip.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1254,6 +1254,7 @@ Seeks using a _mz_stream_ to an extra field by its type and returns its length.
|-|-|-|
|void *|stream|_mz_stream_ instance|
|uint16_t|type|Extra field type indentifier (See [PKWARE zip app note](zip/appnote.iz.txt) section 4.5.2)|
|int32_t|max_seek|Maximum length to search for extrafield|
|uint16_t *|length|Pointer to extra field length|

**Return**
Expand All @@ -1273,7 +1274,7 @@ mz_stream_mem_create(&file_extra_stream);
mz_stream_mem_set_buffer(file_extra_stream, (void *)file_info->extrafield,
file_info->extrafield_size);
if (mz_zip_extrafield_find(file_extra_stream, MZ_ZIP_EXTENSION_AES, &extrafield_length) == MZ_OK)
if (mz_zip_extrafield_find(file_extra_stream, MZ_ZIP_EXTENSION_AES, INT32_MAX, &extrafield_length) == MZ_OK)
printf("Found AES extra field, length %d\n", extrafield_length);
else
printf("Unable to find AES extra field in zip entry\n");
Expand Down
14 changes: 11 additions & 3 deletions mz_zip.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2169,7 +2169,7 @@ int32_t mz_zip_entry_write_close(void *handle, uint32_t crc32, int64_t compresse

/* Find zip64 extrafield and update compressed and uncompressed sizes */
if (err == MZ_OK)
err = mz_zip_extrafield_find(zip->stream, MZ_ZIP_EXTENSION_ZIP64, &length);
err = mz_zip_extrafield_find(zip->stream, MZ_ZIP_EXTENSION_ZIP64, extrafield_size, &length);
if (err == MZ_OK) {
if (length >= 8)
err = mz_stream_write_uint64(zip->stream, zip->file_info.compressed_size);
Expand Down Expand Up @@ -2533,11 +2533,15 @@ int32_t mz_zip_attrib_win32_to_posix(uint32_t win32_attrib, uint32_t *posix_attr

/***************************************************************************/

int32_t mz_zip_extrafield_find(void *stream, uint16_t type, uint16_t *length) {
int32_t mz_zip_extrafield_find(void *stream, uint16_t type, int32_t max_seek, uint16_t *length) {
int32_t err = MZ_OK;
uint16_t field_type = 0;
uint16_t field_length = 0;


if (max_seek < 4)
return MZ_EXIST_ERROR;

do {
err = mz_stream_read_uint16(stream, &field_type);
if (err == MZ_OK)
Expand All @@ -2551,6 +2555,10 @@ int32_t mz_zip_extrafield_find(void *stream, uint16_t type, uint16_t *length) {
return MZ_OK;
}

max_seek -= field_length - 4;
if (max_seek < 0)
return MZ_EXIST_ERROR;

err = mz_stream_seek(stream, field_length, MZ_SEEK_CUR);
} while (err == MZ_OK);

Expand All @@ -2568,7 +2576,7 @@ int32_t mz_zip_extrafield_contains(const uint8_t *extrafield, int32_t extrafield
mz_stream_mem_create(&file_extra_stream);
mz_stream_mem_set_buffer(file_extra_stream, (void *)extrafield, extrafield_size);

err = mz_zip_extrafield_find(file_extra_stream, type, length);
err = mz_zip_extrafield_find(file_extra_stream, type, extrafield_size, length);

mz_stream_mem_delete(&file_extra_stream);

Expand Down
2 changes: 1 addition & 1 deletion mz_zip.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -203,7 +203,7 @@ int32_t mz_zip_attrib_win32_to_posix(uint32_t win32_attrib, uint32_t *posix_attr

/***************************************************************************/

int32_t mz_zip_extrafield_find(void *stream, uint16_t type, uint16_t *length);
int32_t mz_zip_extrafield_find(void *stream, uint16_t type, int32_t max_seek, uint16_t *length);
/* Seeks to extra field by its type and returns its length */

int32_t mz_zip_extrafield_contains(const uint8_t *extrafield, int32_t extrafield_size,
Expand Down
8 changes: 4 additions & 4 deletions mz_zip_rw.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -247,7 +247,7 @@ int32_t mz_zip_reader_unzip_cd(void *handle) {
mz_stream_mem_create(&file_extra_stream);
mz_stream_mem_set_buffer(file_extra_stream, (void *)cd_info->extrafield, cd_info->extrafield_size);

err = mz_zip_extrafield_find(file_extra_stream, MZ_ZIP_EXTENSION_CDCD, NULL);
err = mz_zip_extrafield_find(file_extra_stream, MZ_ZIP_EXTENSION_CDCD, INT32_MAX, NULL);
if (err == MZ_OK)
err = mz_stream_read_uint64(file_extra_stream, &number_entry);

Expand Down Expand Up @@ -481,7 +481,7 @@ int32_t mz_zip_reader_entry_sign_verify(void *handle) {
mz_stream_mem_set_buffer(file_extra_stream, (void *)reader->file_info->extrafield,
reader->file_info->extrafield_size);

err = mz_zip_extrafield_find(file_extra_stream, MZ_ZIP_EXTENSION_SIGN, &signature_size);
err = mz_zip_extrafield_find(file_extra_stream, MZ_ZIP_EXTENSION_SIGN, INT32_MAX, &signature_size);
if ((err == MZ_OK) && (signature_size > 0)) {
signature = (uint8_t *)MZ_ALLOC(signature_size);
if (mz_stream_read(file_extra_stream, signature, signature_size) != signature_size)
Expand Down Expand Up @@ -520,7 +520,7 @@ int32_t mz_zip_reader_entry_get_hash(void *handle, uint16_t algorithm, uint8_t *
reader->file_info->extrafield_size);

do {
err = mz_zip_extrafield_find(file_extra_stream, MZ_ZIP_EXTENSION_HASH, NULL);
err = mz_zip_extrafield_find(file_extra_stream, MZ_ZIP_EXTENSION_HASH, INT32_MAX, NULL);
if (err != MZ_OK)
break;

Expand Down Expand Up @@ -557,7 +557,7 @@ int32_t mz_zip_reader_entry_get_first_hash(void *handle, uint16_t *algorithm, ui
mz_stream_mem_set_buffer(file_extra_stream, (void *)reader->file_info->extrafield,
reader->file_info->extrafield_size);

err = mz_zip_extrafield_find(file_extra_stream, MZ_ZIP_EXTENSION_HASH, NULL);
err = mz_zip_extrafield_find(file_extra_stream, MZ_ZIP_EXTENSION_HASH, INT32_MAX, NULL);
if (err == MZ_OK)
err = mz_stream_read_uint16(file_extra_stream, &cur_algorithm);
if (err == MZ_OK)
Expand Down

0 comments on commit 8f76968

Please sign in to comment.