diff options
author | Piotr Jastrzebski | 2014-08-15 06:53:00 -0500 |
---|---|---|
committer | Narayan Kamath | 2014-08-26 07:48:44 -0500 |
commit | 0c1b894b69ff1261f14bad616d8a4ddada186a0d (patch) | |
tree | d22b8f906afa24f61c1524a9476321a87e01301f /libziparchive/zip_archive.cc | |
parent | a005e7795e3dfb7cc0bd2bc65208d2490bfc89d8 (diff) | |
download | platform-system-core-0c1b894b69ff1261f14bad616d8a4ddada186a0d.tar.gz platform-system-core-0c1b894b69ff1261f14bad616d8a4ddada186a0d.tar.xz platform-system-core-0c1b894b69ff1261f14bad616d8a4ddada186a0d.zip |
Reject zip archives with entry names containing \0.
There should never be a need of an entry name with \0 character.
Bug: 16162465
(cherry picked from commit 78271ba97b5d867e3597b7fc2257dd1bbd513b05)
Change-Id: I68c72fb45e8ec70eb125cfc887488bc18ba5447d
Diffstat (limited to 'libziparchive/zip_archive.cc')
-rw-r--r-- | libziparchive/zip_archive.cc | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/libziparchive/zip_archive.cc b/libziparchive/zip_archive.cc index 6ec8f0d34..87dac0e74 100644 --- a/libziparchive/zip_archive.cc +++ b/libziparchive/zip_archive.cc | |||
@@ -638,9 +638,15 @@ static int32_t ParseZipArchive(ZipArchive* archive) { | |||
638 | const uint16_t file_name_length = cdr->file_name_length; | 638 | const uint16_t file_name_length = cdr->file_name_length; |
639 | const uint16_t extra_length = cdr->extra_field_length; | 639 | const uint16_t extra_length = cdr->extra_field_length; |
640 | const uint16_t comment_length = cdr->comment_length; | 640 | const uint16_t comment_length = cdr->comment_length; |
641 | const char* file_name = reinterpret_cast<const char*>(ptr + sizeof(CentralDirectoryRecord)); | ||
642 | |||
643 | /* check that file name doesn't contain \0 character */ | ||
644 | if (memchr(file_name, 0, file_name_length) != NULL) { | ||
645 | ALOGW("Zip: entry name can't contain \\0 character"); | ||
646 | goto bail; | ||
647 | } | ||
641 | 648 | ||
642 | /* add the CDE filename to the hash table */ | 649 | /* add the CDE filename to the hash table */ |
643 | const char* file_name = reinterpret_cast<const char *>(ptr + sizeof(CentralDirectoryRecord)); | ||
644 | const int add_result = AddToHash(archive->hash_table, | 650 | const int add_result = AddToHash(archive->hash_table, |
645 | archive->hash_table_size, file_name, file_name_length); | 651 | archive->hash_table_size, file_name, file_name_length); |
646 | if (add_result) { | 652 | if (add_result) { |