diff options
author | Caolán McNamara <caolanm@redhat.com> | 2017-11-27 16:29:37 +0000 |
---|---|---|
committer | Thorsten Behrens <Thorsten.Behrens@CIB.de> | 2018-06-01 14:26:52 +0200 |
commit | 4b63f21d3933dcdbff3343e1a6daa97eb17d47f2 (patch) | |
tree | 8c76ac910f4b4d5f9a9beff7fb9a74c2136268d4 | |
parent | e32d481df19d6b93d9d66eea36ce314d3f5080c6 (diff) |
keep track of available data
Change-Id: Idc54cdef0f3a4355a7e26f25cdc5b50d65d9d583
Reviewed-on: https://gerrit.libreoffice.org/45354
Reviewed-by: Michael Stahl <mstahl@redhat.com>
Tested-by: Jenkins <ci@libreoffice.org>
(cherry picked from commit 35376a21e6bd3d7eede07b1e8f359f728b5c54c9)
-rw-r--r-- | package/source/zipapi/MemoryByteGrabber.hxx | 2 | ||||
-rw-r--r-- | package/source/zipapi/ZipFile.cxx | 3 |
2 files changed, 5 insertions, 0 deletions
diff --git a/package/source/zipapi/MemoryByteGrabber.hxx b/package/source/zipapi/MemoryByteGrabber.hxx index 2beb8f5eccb7..e3326e2b9d33 100644 --- a/package/source/zipapi/MemoryByteGrabber.hxx +++ b/package/source/zipapi/MemoryByteGrabber.hxx @@ -39,6 +39,8 @@ public: } const sal_Int8 * getCurrentPos () { return mpBuffer + mnCurrent; } + sal_Int32 remainingSize() const { return mnEnd - mnCurrent; } + // XInputStream chained void SAL_CALL skipBytes( sal_Int32 nBytesToSkip ) diff --git a/package/source/zipapi/ZipFile.cxx b/package/source/zipapi/ZipFile.cxx index 8153aee7e0fd..037e08e2eaad 100644 --- a/package/source/zipapi/ZipFile.cxx +++ b/package/source/zipapi/ZipFile.cxx @@ -946,6 +946,9 @@ sal_Int32 ZipFile::readCEN() if ( aEntry.nExtraLen < 0 ) throw ZipException("unexpected extra header info length" ); + if (aEntry.nPathLen > aMemGrabber.remainingSize()) + throw ZipException("name too long"); + // read always in UTF8, some tools seem not to set UTF8 bit aEntry.sPath = OUString::intern ( reinterpret_cast<char const *>(aMemGrabber.getCurrentPos()), aEntry.nPathLen, |