[Libreoffice-commits] core.git: Branch 'libreoffice-6-0' - package/source

Caolán McNamara caolanm at redhat.com
Tue Nov 28 16:59:08 UTC 2017


 package/source/zipapi/MemoryByteGrabber.hxx |    2 ++
 package/source/zipapi/ZipFile.cxx           |    3 +++
 2 files changed, 5 insertions(+)

New commits:
commit 2867c32c99b85e42b018266988dc8f7796c1fc77
Author: Caolán McNamara <caolanm at redhat.com>
Date:   Mon Nov 27 16:29:37 2017 +0000

    keep track of available data
    
    Change-Id: Idc54cdef0f3a4355a7e26f25cdc5b50d65d9d583
    Reviewed-on: https://gerrit.libreoffice.org/45353
    Reviewed-by: Michael Stahl <mstahl at redhat.com>
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>
    Tested-by: Caolán McNamara <caolanm at redhat.com>

diff --git a/package/source/zipapi/MemoryByteGrabber.hxx b/package/source/zipapi/MemoryByteGrabber.hxx
index 1366eea478b0..5417406db379 100644
--- a/package/source/zipapi/MemoryByteGrabber.hxx
+++ b/package/source/zipapi/MemoryByteGrabber.hxx
@@ -36,6 +36,8 @@ public:
     }
     const sal_Int8 * getCurrentPos () { return mpBuffer + mnCurrent; }
 
+    sal_Int32 remainingSize() const { return mnEnd - mnCurrent; }
+
     // XInputStream chained
 
     /// @throws css::io::NotConnectedException
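Review bot: remainingSize() is added without a comment, and its signed result `mnEnd - mnCurrent` would be negative if the read position can ever move past the end of the buffer, which this hunk does not show. Since the accessor is used as a bound on lengths taken from the file, a one-line contract would help, for example `/// Bytes left between the current read position and the end of the buffer.` If the seek and skip members do not clamp mnCurrent, `return mnCurrent < mnEnd ? mnEnd - mnCurrent : 0;` would keep the value usable as a size. The class body starts and ends outside the hunk, so this needs checking against the other members.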
diff --git a/package/source/zipapi/ZipFile.cxx b/package/source/zipapi/ZipFile.cxx
index b7cdf7289d4c..61f7ea1dacc1 100644
--- a/package/source/zipapi/ZipFile.cxx
+++ b/package/source/zipapi/ZipFile.cxx
@@ -934,6 +934,9 @@ sal_Int32 ZipFile::readCEN()
             if ( aEntry.nExtraLen < 0 )
                 throw ZipException("unexpected extra header info length" );
 
+            if (aEntry.nPathLen > aMemGrabber.remainingSize())
+                throw ZipException("name too long");
+
             // read always in UTF8, some tools seem not to set UTF8 bit
             aEntry.sPath = OUString::intern ( reinterpret_cast<char const *>(aMemGrabber.getCurrentPos()),
                                                    aEntry.nPathLen,
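Review bot: The new guard bounds only aEntry.nPathLen against the data left in aMemGrabber, while aEntry.nExtraLen, which the lines just above check only for being negative, is not compared with remainingSize() anywhere in this hunk. If the extra field is later consumed or skipped from the same buffer, it needs the same bound after the name check, e.g. `if (aEntry.nExtraLen > aMemGrabber.remainingSize() - aEntry.nPathLen) throw ZipException("extra header info too long");`. The subtraction is safe there because the name check has already passed. The message "name too long" could also say that the name exceeds the available data, which is what the condition tests. readCEN continues outside the hunk on both sides, so a negative-nPathLen check and any later bounds may already exist there.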

