On Wed, 8 Nov 2023 19:59:34 GMT, Lance Andersen <lan...@openjdk.org> wrote:

> Please review this PR which enhances the existing CEN header validation
> checking to ensure that the size of the CEN Header + name length +
> comment length + extra length do not exceed 65,535 bytes per the PKWare
> APP.NOTE 4.4.10, 4.4.11, & 4.4.12. Also check that the current CEN header
> will not exceed the length of the CEN array.
> 
> Mach 5 tiers 1-3 are clean with this change.

Thank you for the comments. See my replies below.

Regarding your comment about checking whether or not to check if the combined
length of the CEN header + name length + comment length + extra length > 65K
bytes, I chose to add this given the strong wording given this is a really old
spec. That being said, I do not object to removing the validation if that is
the overall preference.
                zerror("invalid CEN header (bad header size)");
            }

-------------

PR Review: https://git.openjdk.org/jdk/pull/16570#pullrequestreview-1723102540
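
The two checks named in the PR description (combined header size of at most 65,535 bytes, and a header that does not run past the end of the CEN array), as an added Java example that is not the code from the PR or from the JDK. The class, method and constant names and the sample byte arrays are assumptions constructed for illustration; the field offsets are those of the standard ZIP central directory header.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;

// Added illustration, not the JDK's ZipFile code; all names are hypothetical.
public class CenHeaderCheck {
    static final int CENSIG = 0x02014b50;   // CEN header signature "PK\1\2"
    static final int CENHDR = 46;           // fixed-size part of a CEN header
    static final int MAX_HEADER = 0xFFFF;   // 65,535-byte combined limit

    // Walks a CEN array; returns the number of headers or throws on a bad one.
    static int validate(byte[] cen) {
        ByteBuffer b = ByteBuffer.wrap(cen).order(ByteOrder.LITTLE_ENDIAN);
        int pos = 0, count = 0;
        while (pos < cen.length) {
            if (cen.length - pos < CENHDR || b.getInt(pos) != CENSIG)
                throw new IllegalArgumentException("bad CEN signature at " + pos);
            int nlen = b.getShort(pos + 28) & 0xFFFF;  // file name length
            int elen = b.getShort(pos + 30) & 0xFFFF;  // extra field length
            int clen = b.getShort(pos + 32) & 0xFFFF;  // file comment length
            int size = CENHDR + nlen + elen + clen;    // at most 46 + 3 * 65535
            if (size > MAX_HEADER)                     // combined-length limit
                throw new IllegalArgumentException("header exceeds 65,535 bytes at " + pos);
            if (size > cen.length - pos)               // must fit in the CEN array
                throw new IllegalArgumentException("header runs past CEN array at " + pos);
            pos += size;
            count++;
        }
        return count;
    }

    // Constructed sample: one header declaring the given lengths, backed by `total` bytes.
    static byte[] header(int nlen, int elen, int clen, int total) {
        ByteBuffer b = ByteBuffer.allocate(total).order(ByteOrder.LITTLE_ENDIAN);
        b.putInt(0, CENSIG).putShort(28, (short) nlen)
         .putShort(30, (short) elen).putShort(32, (short) clen);
        return b.array();
    }

    public static void main(String[] args) {
        byte[][] samples = {
            header(8, 0, 0, 54),            // well-formed: 46 + 8 bytes, all present
            header(10, 0, 0xFFFF, 65591),   // 46 + 10 + 65535 exceeds 65,535
            header(100, 0, 0, 60),          // declares 146 bytes, only 60 present
        };
        for (byte[] s : samples) {
            try { System.out.println("ok, headers=" + validate(s)); }
            catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
        }
    }
}
```

The second sample is backed by enough bytes to pass the array-bounds check, so only the 65,535-byte limit rejects it; that is the check the reply offers to drop.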
