package/source/zipapi/ZipFile.cxx |9 +
1 file changed, 5 insertions(+), 4 deletions(-)
New commits:
commit 24fad8bf168beb56855d97ede2d4a1dec2a46220
Author: David Blatter
AuthorDate: Wed Mar 31 15:57:44 2021 +0200
Commit: Michael Stahl
CommitDate: Fri Apr 2 12:51:29 2021 +0200
fix detection of encrypted zip entries
if a zip entry is encrypted, bit 1 of the flags field is set. previously
bit 1 of the version field was checked. a valid zip with a required version
of e.g. 45 generated a 'file is corrupt' error
see: https://pkware.cachefly.net/webdocs/APPNOTE/APPNOTE-6.3.3.TXT
(sections 4.4.3 and 4.4.4)
Change-Id: I8bba6ead582e6cab55c8449f202807b50befea07
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/113420
Tested-by: Jenkins
Reviewed-by: Michael Stahl
diff --git a/package/source/zipapi/ZipFile.cxx
b/package/source/zipapi/ZipFile.cxx
index 6ee7bdc0d43d..fb90ef02e4e1 100644
--- a/package/source/zipapi/ZipFile.cxx
+++ b/package/source/zipapi/ZipFile.cxx
@@ -921,11 +921,11 @@ sal_Int32 ZipFile::readCEN()
aMemGrabber.skipBytes ( 2 );
aEntry.nVersion = aMemGrabber.ReadInt16();
+aEntry.nFlag = aMemGrabber.ReadInt16();
-if ( ( aEntry.nVersion & 1 ) == 1 )
+if ( ( aEntry.nFlag & 1 ) == 1 )
throw ZipException("Invalid CEN header (encrypted entry)" );
-aEntry.nFlag = aMemGrabber.ReadInt16();
aEntry.nMethod = aMemGrabber.ReadInt16();
if ( aEntry.nMethod != STORED && aEntry.nMethod != DEFLATED)
@@ -1025,9 +1025,10 @@ void ZipFile::recover()
MemoryByteGrabber aMemGrabber(aTmpBuffer);
aEntry.nVersion = aMemGrabber.ReadInt16();
-if ( ( aEntry.nVersion & 1 ) != 1 )
+aEntry.nFlag = aMemGrabber.ReadInt16();
+
+if ( ( aEntry.nFlag & 1 ) != 1 )
{
-aEntry.nFlag = aMemGrabber.ReadInt16();
aEntry.nMethod = aMemGrabber.ReadInt16();
if ( aEntry.nMethod == STORED || aEntry.nMethod ==
DEFLATED )
___
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
