007-integer-underflow-csiz_decrypted.patch 900 B

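--- a/extract.c
+++ b/extract.c
@@ -1257,8 +1257,17 @@ static int extract_or_test_entrylist(__G
  if (G.lrec.compression_method == STORED) {
  zusz_t csiz_decrypted = G.lrec.csize;
- if (G.pInfo->encrypted)
+ if (G.pInfo->encrypted) {
+ if (csiz_decrypted <= 12) {
+ /* handle the error now to prevent unsigned overflow */
+ Info(slide, 0x401, ((char *)slide,
+ LoadFarStringSmall(ErrUnzipNoFile),
+ LoadFarString(InvalidComprData),
+ LoadFarStringSmall2(Inflate)));
+ return PK_ERR;
+ }
  csiz_decrypted -= 12;
+ }
  if (G.lrec.ucsize != csiz_decrypted) {
  Info(slide, 0x401, ((char *)slide,
  LoadFarStringSmall2(WrnStorUCSizCSizDiff),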
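Review bot: The new guard `if (csiz_decrypted <= 12)` also rejects a compressed size of exactly 12, although `csiz_decrypted -= 12` only wraps around when the value is below 12; with csize 12 the result is 0, which the following `G.lrec.ucsize != csiz_decrypted` comparison would accept for an entry whose ucsize is 0. If an encrypted stored entry with an empty payload is valid for this format (to be confirmed against the archives the tool must accept), `if (csiz_decrypted < 12) {` blocks the wraparound without refusing those entries. The comment would be more precise as `/* csize is smaller than the 12-byte encryption header: the subtraction below would wrap around */`, since the hazard is an unsigned underflow rather than an overflow. The enclosing extract_or_test_entrylist starts and ends outside the hunk, so whether the direct `return PK_ERR;` bypasses any per-entry cleanup done later in the function cannot be checked from here.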