Skip to content

Commit

Permalink
Protect for long name and extra fields in contrib/minizip [Vollant].
Browse files Browse the repository at this point in the history
  • Loading branch information
@madler
madler committed Jan 21, 2012
1 parent 0458bbf commit 601b542
Showing 1 changed file with 17 additions and 7 deletions.
24 changes: 17 additions & 7 deletions contrib/minizip/mztools.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ uLong* bytesRecovered;
int entries = 0;
uLong totalBytes = 0;
char header[30];
char filename[256];
char filename[1024];
char extra[1024];
int offset = 0;
int offsetCD = 0;
Expand Down Expand Up @@ -73,9 +73,14 @@ uLong* bytesRecovered;

/* Filename */
if (fnsize > 0) {
if (fread(filename, 1, fnsize, fpZip) == fnsize) {
if (fwrite(filename, 1, fnsize, fpOut) == fnsize) {
offset += fnsize;
if (fnsize < sizeof(filename)) {
if (fread(filename, 1, fnsize, fpZip) == fnsize) {
if (fwrite(filename, 1, fnsize, fpOut) == fnsize) {
offset += fnsize;
} else {
err = Z_ERRNO;
break;
}
} else {
err = Z_ERRNO;
break;
Expand All @@ -91,9 +96,14 @@ uLong* bytesRecovered;

/* Extra field */
if (extsize > 0) {
if (fread(extra, 1, extsize, fpZip) == extsize) {
if (fwrite(extra, 1, extsize, fpOut) == extsize) {
offset += extsize;
if (extsize < sizeof(extra)) {
if (fread(extra, 1, extsize, fpZip) == extsize) {
if (fwrite(extra, 1, extsize, fpOut) == extsize) {
offset += extsize;
} else {
err = Z_ERRNO;
break;
}
} else {
err = Z_ERRNO;
break;
Expand Down

0 comments on commit 601b542

Please sign in to comment.