[Libreoffice-commits] core.git: Branch 'libreoffice-5-4' - package/source
Caolán McNamara
caolanm at redhat.com
Tue Nov 28 09:49:03 UTC 2017
package/source/zipapi/MemoryByteGrabber.hxx | 2 ++
package/source/zipapi/ZipFile.cxx | 3 +++
2 files changed, 5 insertions(+)
New commits:
commit 35376a21e6bd3d7eede07b1e8f359f728b5c54c9
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Nov 27 16:29:37 2017 +0000
keep track of available data
Change-Id: Idc54cdef0f3a4355a7e26f25cdc5b50d65d9d583
Reviewed-on: https://gerrit.libreoffice.org/45354
Reviewed-by: Michael Stahl <mstahl at redhat.com>
Tested-by: Jenkins <ci at libreoffice.org>
diff --git a/package/source/zipapi/MemoryByteGrabber.hxx b/package/source/zipapi/MemoryByteGrabber.hxx
index c5436c2a34f0..e04fcca26092 100644
--- a/package/source/zipapi/MemoryByteGrabber.hxx
+++ b/package/source/zipapi/MemoryByteGrabber.hxx
@@ -39,6 +39,8 @@ public:
}
const sal_Int8 * getCurrentPos () { return mpBuffer + mnCurrent; }
+ sal_Int32 remainingSize() const { return mnEnd - mnCurrent; }
+
// XInputStream chained
/// @throws css::io::NotConnectedException
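Review bot: remainingSize() is added without a comment, yet the ZipFile.cxx hunk in this commit relies on it as a bounds check, so its contract should be written down, for example `/// Bytes left between the current read position and the end of the buffer.` The hunk does not show the types of mnEnd and mnCurrent, or whether mnCurrent can ever move past mnEnd. If it can, the result is negative, and that should either be documented or clamped to 0 so callers can compare against it safely. The class body starts and ends outside the hunk.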
diff --git a/package/source/zipapi/ZipFile.cxx b/package/source/zipapi/ZipFile.cxx
index 14b536db3ada..547be25ed23a 100644
--- a/package/source/zipapi/ZipFile.cxx
+++ b/package/source/zipapi/ZipFile.cxx
@@ -923,6 +923,9 @@ sal_Int32 ZipFile::readCEN()
if ( aEntry.nExtraLen < 0 )
throw ZipException("unexpected extra header info length" );
+ if (aEntry.nPathLen > aMemGrabber.remainingSize())
+ throw ZipException("name too long");
+
// read always in UTF8, some tools seem not to set UTF8 bit
aEntry.sPath = OUString::intern ( reinterpret_cast<char const *>(aMemGrabber.getCurrentPos()),
aEntry.nPathLen,
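Review bot: The new `aEntry.nPathLen > aMemGrabber.remainingSize()` test bounds the length only from above, so it protects the OUString::intern read just below it only if nPathLen is already known to be non-negative. The visible context checks `nExtraLen < 0`; a matching nPathLen check is presumably above the hunk but cannot be confirmed from here. If it is missing, `if (aEntry.nPathLen < 0 || aEntry.nPathLen > aMemGrabber.remainingSize())` closes the gap. A short comment such as `// nPathLen is read from the archive; the name must fit in the bytes left in the buffer` would record why the check exists. readCEN continues outside the hunk, so whether the extra-field and comment lengths are bounded the same way is not visible.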