Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

archive/zip: Writer should validate file validity #17402

Closed
dsnet opened this issue Oct 11, 2016 · 2 comments
Closed

archive/zip: Writer should validate file validity #17402

dsnet opened this issue Oct 11, 2016 · 2 comments

Comments

@dsnet
Copy link
Member

@dsnet dsnet commented Oct 11, 2016

The ZIP format uses uint16 to contain the length of the file name and the length of the Extra section. We should verify that that the length of these fields fits in an uint16 prior to writing the ZIP file.

See

b.uint16(uint16(len(h.Name)))
b.uint16(uint16(len(h.Extra)))
if _, err := w.Write(buf[:]); err != nil {
return err
}
if _, err := io.WriteString(w, h.Name); err != nil {
return err
}
_, err := w.Write(h.Extra)

@dsnet dsnet added this to the Go1.8Maybe milestone Oct 11, 2016
@dsnet dsnet self-assigned this Oct 11, 2016
@quentinmit quentinmit added the NeedsFix label Oct 11, 2016
@dsnet dsnet modified the milestones: Go1.9, Go1.8Maybe Oct 14, 2016
@dsnet dsnet modified the milestones: Go1.10, Go1.9 May 22, 2017
@dsnet
Copy link
Member Author

@dsnet dsnet commented Jul 15, 2017

@dsnet dsnet removed their assignment Jul 15, 2017
@gopherbot
Copy link

@gopherbot gopherbot commented Jul 20, 2017

CL https://golang.org/cl/50250 mentions this issue.

@gopherbot gopherbot closed this in 816deac Aug 13, 2017
@golang golang locked and limited conversation to collaborators Aug 13, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
3 participants
You can’t perform that action at this time.