From: drh <> Date: Thu, 6 Apr 2023 00:59:41 +0000 (+0000) Subject: In the zipfile extension, defend against corrupt ZIP files that contain X-Git-Tag: version-3.42.0~173 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c6349ce205e945da9f4a80f114ada6e7e30081eb;p=thirdparty%2Fsqlite.git In the zipfile extension, defend against corrupt ZIP files that contain a zero-length filename. [forum:/forumpost/b15f5e3ad8|Forum post b15f5e3ad8]. FossilOrigin-Name: 46db2e42a5f9b18da9661ccedca68cb70257ea5c58b33b401db2a5e030c1346a --- diff --git a/ext/misc/zipfile.c b/ext/misc/zipfile.c index 480fbe3990..9b49fb4df6 100644 --- a/ext/misc/zipfile.c +++ b/ext/misc/zipfile.c @@ -1097,7 +1097,10 @@ static int zipfileColumn( ** it to be a directory either if the mode suggests so, or if ** the final character in the name is '/'. */ u32 mode = pCDS->iExternalAttr >> 16; - if( !(mode & S_IFDIR) && pCDS->zFile[pCDS->nFile-1]!='/' ){ + if( !(mode & S_IFDIR) + && pCDS->nFile>=1 + && pCDS->zFile[pCDS->nFile-1]!='/' + ){ sqlite3_result_blob(ctx, "", 0, SQLITE_STATIC); } } diff --git a/manifest b/manifest index 40053fb961..c94b14ec3c 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C In\sthe\snew\s.scanstatus\scommand\sin\sthe\sCLI,\smake\ssure\sthe\sdatabase\sis\sopened\nbefore\sinvoking\ssqlite3_db_config().\n[forum:/forumpost/6e26dcf544|Forum\spost\s6e26dcf544]. -D 2023-04-06T00:18:31.546 +C In\sthe\szipfile\sextension,\sdefend\sagainst\scorrupt\sZIP\sfiles\sthat\scontain\na\szero-length\sfilename.\n[forum:/forumpost/b15f5e3ad8|Forum\spost\sb15f5e3ad8]. +D 2023-04-06T00:59:41.126 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724 @@ -316,7 +316,7 @@ F ext/misc/vfsstat.c 474d08efc697b8eba300082cb1eb74a5f0f3df31ed257db1cb07e72ab0e F ext/misc/vtablog.c 5538acd0c8ddaae372331bee11608d76973436b77d6a91e8635cfc9432fba5ae F ext/misc/vtshim.c 1976e6dd68dd0d64508c91a6dfab8e75f8aaf6cd F ext/misc/wholenumber.c a838d1bea913c514ff316c69695efbb49ea3b8cb37d22afc57f73b6b010b4546 -F ext/misc/zipfile.c f98239261488397618ce4754c500626d1de20cd2d44bf2f2d571d7ddaab668a7 +F ext/misc/zipfile.c b9d615e1d9af7577833861cfaa79b253aec0f26c89239c75af8c790d287d1d39 F ext/misc/zorder.c b0ff58fa643afa1d846786d51ea8d5c4b6b35aa0254ab5a82617db92f3adda64 F ext/rbu/rbu.c 801450b24eaf14440d8fd20385aacc751d5c9d6123398df41b1b5aa804bf4ce8 F ext/rbu/rbu1.test 25870dd7db7eb5597e2b4d6e29e7a7e095abf332660f67d89959552ce8f8f255 @@ -2052,8 +2052,8 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P 68a1a837493a0bc5e0e0f2373ac76cb575078cec08990c017fdcb51a4ba363a1 -R 5613993872d968e85760c42dbc57645a +P 1cd993c45cd6b60e00d1426dd01d63efad13f7258636b5fa694f21499e77955a +R 83db8d662a6f7a0bae20734c688d29bc U drh -Z fba861d77ab7fe200695129e0e7e4491 +Z d955adab3dd7b2a13ea222fedf06115c # Remove this line to create a well-formed Fossil manifest. diff --git a/manifest.uuid b/manifest.uuid index ae1de680a8..adf9971325 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -1cd993c45cd6b60e00d1426dd01d63efad13f7258636b5fa694f21499e77955a \ No newline at end of file +46db2e42a5f9b18da9661ccedca68cb70257ea5c58b33b401db2a5e030c1346a \ No newline at end of file