[Libreoffice-commits] core.git: package/source

David Blatter (via logerrit) logerrit at kemper.freedesktop.org
Fri Apr 2 10:52:04 UTC 2021 

 package/source/zipapi/ZipFile.cxx |    9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

New commits:
commit 24fad8bf168beb56855d97ede2d4a1dec2a46220
Author:     David Blatter <mail at dabla.ch>
AuthorDate: Wed Mar 31 15:57:44 2021 +0200
Commit:     Michael Stahl <michael.stahl at allotropia.de>
CommitDate: Fri Apr 2 12:51:29 2021 +0200

    fix detection of encrypted zip entries
    
    if a zip entry is encrypted, bit 1 of the flags field is set. previously
    bit 1 of the version field was checked. a valid zip with a required version
    of e.g. 45 generated a 'file is corrupt' error
    
    see: https://pkware.cachefly.net/webdocs/APPNOTE/APPNOTE-6.3.3.TXT
    (sections 4.4.3 and 4.4.4)
    
    Change-Id: I8bba6ead582e6cab55c8449f202807b50befea07
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/113420
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <michael.stahl at allotropia.de>

diff --git a/package/source/zipapi/ZipFile.cxx b/package/source/zipapi/ZipFile.cxx
index 6ee7bdc0d43d..fb90ef02e4e1 100644
--- a/package/source/zipapi/ZipFile.cxx
+++ b/package/source/zipapi/ZipFile.cxx
@@ -921,11 +921,11 @@ sal_Int32 ZipFile::readCEN()
 
             aMemGrabber.skipBytes ( 2 );
             aEntry.nVersion = aMemGrabber.ReadInt16();
+            aEntry.nFlag = aMemGrabber.ReadInt16();
 
-            if ( ( aEntry.nVersion & 1 ) == 1 )
+            if ( ( aEntry.nFlag & 1 ) == 1 )
                 throw ZipException("Invalid CEN header (encrypted entry)" );
 
-            aEntry.nFlag = aMemGrabber.ReadInt16();
             aEntry.nMethod = aMemGrabber.ReadInt16();
 
             if ( aEntry.nMethod != STORED && aEntry.nMethod != DEFLATED)
@@ -1025,9 +1025,10 @@ void ZipFile::recover()
                     MemoryByteGrabber aMemGrabber(aTmpBuffer);
 
                     aEntry.nVersion = aMemGrabber.ReadInt16();
-                    if ( ( aEntry.nVersion & 1 ) != 1 )
+                    aEntry.nFlag = aMemGrabber.ReadInt16();
+
+                    if ( ( aEntry.nFlag & 1 ) != 1 )
                     {
-                        aEntry.nFlag = aMemGrabber.ReadInt16();
                         aEntry.nMethod = aMemGrabber.ReadInt16();
 
                         if ( aEntry.nMethod == STORED || aEntry.nMethod == DEFLATED )

More information about the Libreoffice-commits mailing list