diff options
| author | Narayan Kamath | 2017-08-09 12:32:09 -0500 |
|---|---|---|
| committer | Narayan Kamath | 2017-08-15 07:44:05 -0500 |
| commit | c1a56dcab711a7ee238c0af865920ca51b1408a6 (patch) | |
| tree | ef26fa1f9df1c9d4c34aa267d280fed380afd3fb /libziparchive | |
| parent | f7ad622264a23dc02b0cb4c7247da586f53982cd (diff) | |
| download | platform-system-core-c1a56dcab711a7ee238c0af865920ca51b1408a6.tar.gz platform-system-core-c1a56dcab711a7ee238c0af865920ca51b1408a6.tar.xz platform-system-core-c1a56dcab711a7ee238c0af865920ca51b1408a6.zip | |
zip_archive: reject files that don't start with an LFH signature.
Bug: 64211847
Test: zip_archive_test
Change-Id: I275e7c4da05ceeb20401b560c72294f29ef63642
Diffstat (limited to 'libziparchive')
| -rw-r--r-- | libziparchive/zip_archive.cc | 16 | ||||
| -rw-r--r-- | libziparchive/zip_archive_test.cc | 49 |
2 files changed, 65 insertions, 0 deletions
diff --git a/libziparchive/zip_archive.cc b/libziparchive/zip_archive.cc index 17c268bc2..4559b328f 100644 --- a/libziparchive/zip_archive.cc +++ b/libziparchive/zip_archive.cc | |||
| @@ -379,6 +379,22 @@ static int32_t ParseZipArchive(ZipArchive* archive) { | |||
| 379 | return -1; | 379 | return -1; |
| 380 | } | 380 | } |
| 381 | } | 381 | } |
| 382 | |||
| 383 | uint32_t lfh_start_bytes; | ||
| 384 | if (!archive->mapped_zip.ReadAtOffset(reinterpret_cast<uint8_t*>(&lfh_start_bytes), | ||
| 385 | sizeof(uint32_t), 0)) { | ||
| 386 | ALOGW("Zip: Unable to read header for entry at offset == 0."); | ||
| 387 | return -1; | ||
| 388 | } | ||
| 389 | |||
| 390 | if (lfh_start_bytes != LocalFileHeader::kSignature) { | ||
| 391 | ALOGW("Zip: Entry at offset zero has invalid LFH signature %" PRIx32, lfh_start_bytes); | ||
| 392 | #if defined(__ANDROID__) | ||
| 393 | android_errorWriteLog(0x534e4554, "64211847"); | ||
| 394 | #endif | ||
| 395 | return -1; | ||
| 396 | } | ||
| 397 | |||
| 382 | ALOGV("+++ zip good scan %" PRIu16 " entries", num_entries); | 398 | ALOGV("+++ zip good scan %" PRIu16 " entries", num_entries); |
| 383 | 399 | ||
| 384 | return 0; | 400 | return 0; |
diff --git a/libziparchive/zip_archive_test.cc b/libziparchive/zip_archive_test.cc index dbc14f02c..753bd4427 100644 --- a/libziparchive/zip_archive_test.cc +++ b/libziparchive/zip_archive_test.cc | |||
| @@ -717,6 +717,55 @@ TEST(ziparchive, ErrorCodeString) { | |||
| 717 | ASSERT_STREQ("I/O error", ErrorCodeString(kIoError)); | 717 | ASSERT_STREQ("I/O error", ErrorCodeString(kIoError)); |
| 718 | } | 718 | } |
| 719 | 719 | ||
| 720 | // A zip file whose local file header at offset zero is corrupted. | ||
| 721 | // | ||
| 722 | // --------------- | ||
| 723 | // cat foo > a.txt | ||
| 724 | // zip a.zip a.txt | ||
| 725 | // cat a.zip | xxd -i | ||
| 726 | // | ||
| 727 | // Manual changes : | ||
| 728 | // [2] = 0xff // Corrupt the LFH signature of entry 0. | ||
| 729 | // [3] = 0xff // Corrupt the LFH signature of entry 0. | ||
| 730 | static const std::vector<uint8_t> kZipFileWithBrokenLfhSignature{ | ||
| 731 | //[lfh-sig-----------], [lfh contents--------------------------------- | ||
| 732 | 0x50, 0x4b, 0xff, 0xff, 0x0a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x77, 0x80, | ||
| 733 | //-------------------------------------------------------------------- | ||
| 734 | 0x09, 0x4b, 0xa8, 0x65, 0x32, 0x7e, 0x04, 0x00, 0x00, 0x00, 0x04, 0x00, | ||
| 735 | //-------------------------------] [file-name-----------------], [--- | ||
| 736 | 0x00, 0x00, 0x05, 0x00, 0x1c, 0x00, 0x61, 0x2e, 0x74, 0x78, 0x74, 0x55, | ||
| 737 | // entry-contents------------------------------------------------------ | ||
| 738 | 0x54, 0x09, 0x00, 0x03, 0x51, 0x24, 0x8b, 0x59, 0x51, 0x24, 0x8b, 0x59, | ||
| 739 | //-------------------------------------------------------------------- | ||
| 740 | 0x75, 0x78, 0x0b, 0x00, 0x01, 0x04, 0x89, 0x42, 0x00, 0x00, 0x04, 0x88, | ||
| 741 | //-------------------------------------], [cd-record-sig-------], [--- | ||
| 742 | 0x13, 0x00, 0x00, 0x66, 0x6f, 0x6f, 0x0a, 0x50, 0x4b, 0x01, 0x02, 0x1e, | ||
| 743 | // cd-record----------------------------------------------------------- | ||
| 744 | 0x03, 0x0a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x77, 0x80, 0x09, 0x4b, 0xa8, | ||
| 745 | //-------------------------------------------------------------------- | ||
| 746 | 0x65, 0x32, 0x7e, 0x04, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x05, | ||
| 747 | //-------------------------------------------------------------------- | ||
| 748 | 0x00, 0x18, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0xa0, | ||
| 749 | //-] [lfh-file-header-off-], [file-name-----------------], [extra---- | ||
| 750 | 0x81, 0x00, 0x00, 0x00, 0x00, 0x61, 0x2e, 0x74, 0x78, 0x74, 0x55, 0x54, | ||
| 751 | //-------------------------------------------------------------------- | ||
| 752 | 0x05, 0x00, 0x03, 0x51, 0x24, 0x8b, 0x59, 0x75, 0x78, 0x0b, 0x00, 0x01, | ||
| 753 | //-------------------------------------------------------], [eocd-sig- | ||
| 754 | 0x04, 0x89, 0x42, 0x00, 0x00, 0x04, 0x88, 0x13, 0x00, 0x00, 0x50, 0x4b, | ||
| 755 | //-------], [--------------------------------------------------------- | ||
| 756 | 0x05, 0x06, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x4b, 0x00, | ||
| 757 | //-------------------------------------------] | ||
| 758 | 0x00, 0x00, 0x43, 0x00, 0x00, 0x00, 0x00, 0x00}; | ||
| 759 | |||
| 760 | TEST(ziparchive, BrokenLfhSignature) { | ||
| 761 | TemporaryFile tmp_file; | ||
| 762 | ASSERT_NE(-1, tmp_file.fd); | ||
| 763 | ASSERT_TRUE(android::base::WriteFully(tmp_file.fd, &kZipFileWithBrokenLfhSignature[0], | ||
| 764 | kZipFileWithBrokenLfhSignature.size())); | ||
| 765 | ZipArchiveHandle handle; | ||
| 766 | ASSERT_EQ(-1, OpenArchiveFd(tmp_file.fd, "LeadingNonZipBytes", &handle)); | ||
| 767 | } | ||
| 768 | |||
| 720 | int main(int argc, char** argv) { | 769 | int main(int argc, char** argv) { |
| 721 | ::testing::InitGoogleTest(&argc, argv); | 770 | ::testing::InitGoogleTest(&argc, argv); |
| 722 | 771 | ||