Cypherpunks repositories - gostls13.git/commit

author	Roland Shoemaker <roland@golang.org>
	Wed, 18 Aug 2021 18:49:29 +0000 (11:49 -0700)
committer	Cherry Mui <cherryyz@google.com>
	Wed, 1 Sep 2021 16:41:15 +0000 (16:41 +0000)
commit	1dd24caf08985066b309af6bc461780c73e05c35
tree	2f8810231159e1611706a0408e3b169ff92b9765	tree
parent	ec5170397c724a8ae440b2bc529f857c86f0e6b1	commit \| diff

[release-branch.go1.17] archive/zip: prevent preallocation check from overflowing

If the indicated directory size in the archive header is so large that
subtracting it from the archive size overflows a uint64, the check that
the indicated number of files in the archive can be effectively
bypassed. Prevent this from happening by checking that the indicated
directory size is less than the size of the archive.

Thanks to the OSS-Fuzz project for discovering this issue and to
Emmanuel Odeke for reporting it.

Fixes #47986
Updates #47801
Fixes CVE-2021-39293

Change-Id: Ifade26b98a40f3b37398ca86bd5252d12394dd24
Reviewed-on: https://go-review.googlesource.com/c/go/+/343434
Trust: Roland Shoemaker <roland@golang.org>
Run-TryBot: Roland Shoemaker <roland@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
(cherry picked from commit bacbc33439b124ffd7392c91a5f5d96eca8c0c0b)
Reviewed-on: https://go-review.googlesource.com/c/go/+/345410
Reviewed-by: Emmanuel Odeke <emmanuel@orijtech.com>
Run-TryBot: Emmanuel Odeke <emmanuel@orijtech.com>
Trust: Cherry Mui <cherryyz@google.com>

src/archive/zip/reader.go		diff \| blob \| history
src/archive/zip/reader_test.go		diff \| blob \| history