This is an automated email from the ASF dual-hosted git repository.
garydgregory pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-compress.git
The following commit(s) were added to refs/heads/master by this push:
new d05aa4288 Throw ArchiveException instead of EOFException when CPIO
name size less (#772)
d05aa4288 is described below
commit d05aa4288dd79b57a8215ca48c511d823a88f981
Author: Gary Gregory <[email protected]>
AuthorDate: Tue Apr 28 14:23:24 2026 -0400
Throw ArchiveException instead of EOFException when CPIO name size less
(#772)
than or equal to 0 #771
---
.../archivers/cpio/CpioArchiveInputStream.java | 4 ++--
.../archivers/cpio/CpioArchiveInputStreamTest.java | 28 ++++++++++++++++++++++
2 files changed, 30 insertions(+), 2 deletions(-)
diff --git
a/src/main/java/org/apache/commons/compress/archivers/cpio/CpioArchiveInputStream.java
b/src/main/java/org/apache/commons/compress/archivers/cpio/CpioArchiveInputStream.java
index ff44f9757..16b9fe103 100644
---
a/src/main/java/org/apache/commons/compress/archivers/cpio/CpioArchiveInputStream.java
+++
b/src/main/java/org/apache/commons/compress/archivers/cpio/CpioArchiveInputStream.java
@@ -494,7 +494,7 @@ private CpioArchiveEntry readOldAsciiEntry() throws
IOException {
ret.setRemoteDevice(readAsciiLong(6, 8));
ret.setTime(readAsciiLong(11, 8));
final long nameSize = readAsciiLong(6, 8);
- if (nameSize < 0) {
+ if (nameSize <= 0) {
throw new ArchiveException("Found illegal entry with negative name
length");
}
ret.setSize(readAsciiLong(11, 8));
@@ -524,7 +524,7 @@ private CpioArchiveEntry readOldBinaryEntry(final boolean
swapHalfWord) throws I
oldEntry.setRemoteDevice(readBinaryLong(2, swapHalfWord));
oldEntry.setTime(readBinaryLong(4, swapHalfWord));
final long nameSize = readBinaryLong(2, swapHalfWord);
- if (nameSize < 0) {
+ if (nameSize <= 0) {
throw new ArchiveException("Found illegal entry with negative name
length");
}
oldEntry.setSize(readBinaryLong(4, swapHalfWord));
diff --git
a/src/test/java/org/apache/commons/compress/archivers/cpio/CpioArchiveInputStreamTest.java
b/src/test/java/org/apache/commons/compress/archivers/cpio/CpioArchiveInputStreamTest.java
index 95cb4e1c6..829fa4501 100644
---
a/src/test/java/org/apache/commons/compress/archivers/cpio/CpioArchiveInputStreamTest.java
+++
b/src/test/java/org/apache/commons/compress/archivers/cpio/CpioArchiveInputStreamTest.java
@@ -120,6 +120,34 @@ void testEndOfFileInEntry_c_namesize_0x00000000() throws
Exception {
}
}
+ @Test
+ void testEndOfFileInEntry_c_namesize_0x00000000_magicOldAscii() throws
Exception {
+ // CPIO header with c_namesize = 0x00000000
+ // @formatter:off
+ final String header =
+ "070707" + // c_magic
+ "000000" + // dev
+ "000000" + // c_ino
+ "007004" + // c_mode
+ "000000" + // c_uid
+ "000000" + // c_gid
+ "00000001" + // c_nlink
+ "00000000" + // c_mtime
+ "00000000" + // c_filesize
+ "00000000" + // c_devmajor
+ "00000000" + // c_devminor
+ "00000000" + // c_rdevmajor
+ "00000000" + // c_rdevminor
+ "00000000" + // c_namesize
+ "00000000"; // c_check
+ // @formatter:on
+ final byte[] data = new
byte[header.getBytes(StandardCharsets.US_ASCII).length + 1];
+ System.arraycopy(header.getBytes(), 0, data, 0,
header.getBytes().length);
+ try (CpioArchiveInputStream cpio =
CpioArchiveInputStream.builder().setByteArray(data).get()) {
+ assertThrows(ArchiveException.class, () -> cpio.getNextEntry());
+ }
+ }
+
@Test
void testEndOfFileInEntry_c_namesize_0xFFFFFFFF() throws Exception {
// CPIO header with c_namesize = 0xFFFFFFFF
