package/source/zipapi/MemoryByteGrabber.hxx | 2 ++ package/source/zipapi/ZipFile.cxx | 3 +++ 2 files changed, 5 insertions(+)
New commits: commit 35376a21e6bd3d7eede07b1e8f359f728b5c54c9 Author: Caolán McNamara <caol...@redhat.com> Date: Mon Nov 27 16:29:37 2017 +0000 keep track of available data Change-Id: Idc54cdef0f3a4355a7e26f25cdc5b50d65d9d583 Reviewed-on: https://gerrit.libreoffice.org/45354 Reviewed-by: Michael Stahl <mst...@redhat.com> Tested-by: Jenkins <c...@libreoffice.org> diff --git a/package/source/zipapi/MemoryByteGrabber.hxx b/package/source/zipapi/MemoryByteGrabber.hxx index c5436c2a34f0..e04fcca26092 100644 --- a/package/source/zipapi/MemoryByteGrabber.hxx +++ b/package/source/zipapi/MemoryByteGrabber.hxx @@ -39,6 +39,8 @@ public: } const sal_Int8 * getCurrentPos () { return mpBuffer + mnCurrent; } + sal_Int32 remainingSize() const { return mnEnd - mnCurrent; } + // XInputStream chained /// @throws css::io::NotConnectedException diff --git a/package/source/zipapi/ZipFile.cxx b/package/source/zipapi/ZipFile.cxx index 14b536db3ada..547be25ed23a 100644 --- a/package/source/zipapi/ZipFile.cxx +++ b/package/source/zipapi/ZipFile.cxx @@ -923,6 +923,9 @@ sal_Int32 ZipFile::readCEN() if ( aEntry.nExtraLen < 0 ) throw ZipException("unexpected extra header info length" ); + if (aEntry.nPathLen > aMemGrabber.remainingSize()) + throw ZipException("name too long"); + // read always in UTF8, some tools seem not to set UTF8 bit aEntry.sPath = OUString::intern ( reinterpret_cast<char const *>(aMemGrabber.getCurrentPos()), aEntry.nPathLen,
_______________________________________________ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits