Stefan Bodewig
4 years ago
3 changed files with 32 additions and 7 deletions
Unified View
Diff Options
-
+5 -2src/main/org/apache/tools/tar/TarInputStream.java
-
+8 -4src/main/org/apache/tools/zip/AsiExtraField.java
-
+19 -1src/main/org/apache/tools/zip/ZipFile.java
+ 5
- 2
src/main/org/apache/tools/tar/TarInputStream.java
View File
| @@ -436,11 +436,13 @@ public class TarInputStream extends FilterInputStream { | |||||
| String keyword = coll.toString("UTF-8"); | String keyword = coll.toString("UTF-8"); | ||||
| // Get rest of entry | // Get rest of entry | ||||
| final int restLen = len - read; | final int restLen = len - read; | ||||
| byte[] rest = new byte[restLen]; | |||||
| ByteArrayOutputStream bos = new ByteArrayOutputStream(); | |||||
| int got = 0; | int got = 0; | ||||
| while (got < restLen && (ch = i.read()) != -1) { | while (got < restLen && (ch = i.read()) != -1) { | ||||
| rest[got++] = (byte) ch; | |||||
| bos.write((byte) ch); | |||||
| got++; | |||||
| } | } | ||||
| bos.close(); | |||||
| if (got != restLen) { | if (got != restLen) { | ||||
| throw new IOException("Failed to read " | throw new IOException("Failed to read " | ||||
| + "Paxheader. Expected " | + "Paxheader. Expected " | ||||
| @@ -448,6 +450,7 @@ public class TarInputStream extends FilterInputStream { | |||||
| + " bytes, read " | + " bytes, read " | ||||
| + got); | + got); | ||||
| } | } | ||||
| byte[] rest = bos.toByteArray(); | |||||
| // Drop trailing NL | // Drop trailing NL | ||||
| String value = new String(rest, 0, | String value = new String(rest, 0, | ||||
| restLen - 1, StandardCharsets.UTF_8); | restLen - 1, StandardCharsets.UTF_8); | ||||
+ 8
- 4
src/main/org/apache/tools/zip/AsiExtraField.java
View File
| @@ -307,14 +307,18 @@ public class AsiExtraField implements ZipExtraField, UnixStat, Cloneable { | |||||
| int newMode = ZipShort.getValue(tmp, 0); | int newMode = ZipShort.getValue(tmp, 0); | ||||
| // CheckStyle:MagicNumber OFF | // CheckStyle:MagicNumber OFF | ||||
| byte[] linkArray = new byte[(int) ZipLong.getValue(tmp, 2)]; | |||||
| final int linkArrayLength = (int) ZipLong.getValue(tmp, 2); | |||||
| if (linkArrayLength < 0 || linkArrayLength > tmp.length - 10) { | |||||
| throw new ZipException("Bad symbolic link name length " + linkArrayLength | |||||
| + " in ASI extra field"); | |||||
| } | |||||
| uid = ZipShort.getValue(tmp, 6); | uid = ZipShort.getValue(tmp, 6); | ||||
| gid = ZipShort.getValue(tmp, 8); | gid = ZipShort.getValue(tmp, 8); | ||||
| if (linkArray.length == 0) { | |||||
| if (linkArrayLength == 0) { | |||||
| link = ""; | link = ""; | ||||
| } else { | } else { | ||||
| System.arraycopy(tmp, 10, linkArray, 0, linkArray.length); | |||||
| final byte[] linkArray = new byte[linkArrayLength]; | |||||
| System.arraycopy(tmp, 10, linkArray, 0, linkArrayLength); | |||||
| link = new String(linkArray); // Uses default charset - see class Javadoc | link = new String(linkArray); // Uses default charset - see class Javadoc | ||||
| } | } | ||||
| // CheckStyle:MagicNumber ON | // CheckStyle:MagicNumber ON | ||||
+ 19
- 1
src/main/org/apache/tools/zip/ZipFile.java
View File
| @@ -541,6 +541,9 @@ public class ZipFile implements Closeable { | |||||
| ze.setExternalAttributes(ZipLong.getValue(CFH_BUF, off)); | ze.setExternalAttributes(ZipLong.getValue(CFH_BUF, off)); | ||||
| off += WORD; | off += WORD; | ||||
| if (archive.length() - archive.getFilePointer() < fileNameLen) { | |||||
| throw new EOFException(); | |||||
| } | |||||
| final byte[] fileName = new byte[fileNameLen]; | final byte[] fileName = new byte[fileNameLen]; | ||||
| archive.readFully(fileName); | archive.readFully(fileName); | ||||
| ze.setName(entryEncoding.decode(fileName), fileName); | ze.setName(entryEncoding.decode(fileName), fileName); | ||||
| @@ -550,12 +553,18 @@ public class ZipFile implements Closeable { | |||||
| // data offset will be filled later | // data offset will be filled later | ||||
| entries.add(ze); | entries.add(ze); | ||||
| if (archive.length() - archive.getFilePointer() < extraLen) { | |||||
| throw new EOFException(); | |||||
| } | |||||
| final byte[] cdExtraData = new byte[extraLen]; | final byte[] cdExtraData = new byte[extraLen]; | ||||
| archive.readFully(cdExtraData); | archive.readFully(cdExtraData); | ||||
| ze.setCentralDirectoryExtra(cdExtraData); | ze.setCentralDirectoryExtra(cdExtraData); | ||||
| setSizesAndOffsetFromZip64Extra(ze, offset, diskStart); | setSizesAndOffsetFromZip64Extra(ze, offset, diskStart); | ||||
| if (archive.length() - archive.getFilePointer() < commentLen) { | |||||
| throw new EOFException(); | |||||
| } | |||||
| final byte[] comment = new byte[commentLen]; | final byte[] comment = new byte[commentLen]; | ||||
| archive.readFully(comment); | archive.readFully(comment); | ||||
| ze.setComment(entryEncoding.decode(comment)); | ze.setComment(entryEncoding.decode(comment)); | ||||
| @@ -881,9 +890,18 @@ public class ZipFile implements Closeable { | |||||
| } | } | ||||
| lenToSkip -= skipped; | lenToSkip -= skipped; | ||||
| } | } | ||||
| if (archive.length() - archive.getFilePointer() < extraFieldLen) { | |||||
| throw new EOFException(); | |||||
| } | |||||
| final byte[] localExtraData = new byte[extraFieldLen]; | final byte[] localExtraData = new byte[extraFieldLen]; | ||||
| archive.readFully(localExtraData); | archive.readFully(localExtraData); | ||||
| ze.setExtra(localExtraData); | |||||
| try { | |||||
| ze.setExtra(localExtraData); | |||||
| } catch (RuntimeException ex) { | |||||
| final ZipException z = new ZipException("Invalid extra data in entry " + ze.getName()); | |||||
| z.initCause(ex); | |||||
| throw z; | |||||
| } | |||||
| offsetEntry.dataOffset = offset + LFH_OFFSET_FOR_FILENAME_LENGTH | offsetEntry.dataOffset = offset + LFH_OFFSET_FOR_FILENAME_LENGTH | ||||
| + SHORT + SHORT + fileNameLen + extraFieldLen; | + SHORT + SHORT + fileNameLen + extraFieldLen; | ||||