archive/zip: handle corrupt extra data records
authorDave Cheney <dave@cheney.net>
Tue, 30 Oct 2012 16:51:59 +0000 (03:51 +1100)
committerDave Cheney <dave@cheney.net>
Tue, 30 Oct 2012 16:51:59 +0000 (03:51 +1100)
Fixes #4302.

R=golang-dev, bradfitz, adg
CC=golang-dev
https://golang.org/cl/6811048

src/pkg/archive/zip/reader.go
src/pkg/archive/zip/zip_test.go

index a6b049ec32bf29698658cf57562715f868af3fa3..fed398897468b46a21d0c86b7c634c1974d76bc5 100644 (file)
@@ -241,6 +241,9 @@ func readDirectoryHeader(f *File, r io.Reader) error {
                for len(b) > 0 {
                        tag := b.uint16()
                        size := b.uint16()
+                       if int(size) > len(b) {
+                               return ErrFormat
+                       }
                        if tag == zip64ExtraId {
                                // update directory values from the zip64 extra block
                                eb := readBuf(b)
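Review bot: The loop condition `for len(b) > 0` still lets both `b.uint16()` reads run when fewer than four bytes remain, because the added `int(size) > len(b)` check only comes after them. If `uint16()` slices the buffer without its own length check (its body is not in this hunk), a truncated trailing record in an untrusted archive would panic instead of returning ErrFormat. Guard the tag/size read as well, for example `if len(b) < 4 { return ErrFormat }` at the top of the loop, or `for len(b) >= 4 {` if trailing bytes should be tolerated. The body of readDirectoryHeader continues outside the hunk, so how `b` advances for non-zip64 tags cannot be confirmed from here.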
index 1d229d080ac7bc6c97315631d2ff61c432da4518..54daf2482a2af46d97333a7df39d7d32e899ca47 100644 (file)
@@ -173,3 +173,37 @@ func TestZip64(t *testing.T) {
                t.Errorf("UncompressedSize64 %d, want %d", got, want)
        }
 }
+
+// Issue 4302.
+func TestInvalidExtraHedaer(t *testing.T) {
+       const timeFormat = "20060102T150405.000.txt"
+
+       var buf bytes.Buffer
+       z := NewWriter(&buf)
+
+       ts := time.Now()
+       filename := ts.Format(timeFormat)
+
+       h := FileHeader{
+               Name:   filename,
+               Method: Deflate,
+               Extra:  []byte(ts.Format(time.RFC3339Nano)), // missing tag and len
+       }
+       h.SetModTime(ts)
+
+       fh, err := z.CreateHeader(&h)
+       if err != nil {
+               t.Fatalf("error creating header: %v", err)
+       }
+       if _, err := fh.Write([]byte("hi")); err != nil {
+               t.Fatalf("error writing content: %v", err)
+       }
+       if err := z.Close(); err != nil {
+               t.Fatal("error closing zip writer: %v", err)
+       }
+
+       b := buf.Bytes()
+       if _, err = NewReader(bytes.NewReader(b), int64(len(b))); err == nil {
+               t.Fatal("expected ErrFormat")
+       }
+}
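Review bot: The final assertion on the `NewReader(...)` result passes on any non-nil error, so the test would still succeed if reading failed for a reason unrelated to the new extra-field bounds check. Compare against the sentinel instead: `if err != ErrFormat { t.Fatalf("got %v, want ErrFormat", err) }`. The close-error branch calls `t.Fatal` with a `%v` format string and should be `t.Fatalf("error closing zip writer: %v", err)`. The test name `TestInvalidExtraHedaer` misspells Header. A fixed byte slice for `Extra`, rather than a `time.Now()` string, would make the malformed record reproducible across runs.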