Ensure that the AES extension header is large enough.

author Joerg Sonnenberger <joerg@bec.de>

Wed, 6 Sep 2017 21:03:00 +0000 (23:03 +0200)

committer Joerg Sonnenberger <joerg@bec.de>

Wed, 6 Sep 2017 21:03:00 +0000 (23:03 +0200)
author Joerg Sonnenberger <joerg@bec.de>
Wed, 6 Sep 2017 21:03:00 +0000 (23:03 +0200)
committer Joerg Sonnenberger <joerg@bec.de>
Wed, 6 Sep 2017 21:03:00 +0000 (23:03 +0200)
diff --git a/libarchive/archive_read_support_format_zip.c b/libarchive/archive_read_support_format_zip.c

index 4c4f6fad47983d71462a3c924b723c68eab1bf59..125f1838c540947240313d983ad08cf9fa94bb34 100644 (file)
--- a/libarchive/archive_read_support_format_zip.c
+++ b/libarchive/archive_read_support_format_zip.c
@@ -723,6 +723,11 @@ process_extra(struct archive_read *a, const char *p, size_t extra_length, struct
                 }
                 case 0x9901:
                         /* WinZip AES extra data field. */
+                       if (datasize < 6) {
+                               archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
+                                   "Incomplete AES field");
+                               return ARCHIVE_FAILED;
+                       }
                         if (p[offset + 2] == 'A' && p[offset + 3] == 'E') {
                                 /* Vendor version. */
                                 zip_entry->aes_extra.vendor =
author	Joerg Sonnenberger <joerg@bec.de>
	Wed, 6 Sep 2017 21:03:00 +0000 (23:03 +0200)
committer	Joerg Sonnenberger <joerg@bec.de>
	Wed, 6 Sep 2017 21:03:00 +0000 (23:03 +0200)