From: Joerg Sonnenberger <joerg@bec.de>
Date: Wed, 6 Sep 2017 21:03:00 +0000 (+0200)
Subject: Ensure that the AES extension header is large enough.
X-Git-Tag: v3.3.3~37
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=add25e44b62f737b0b214c91d0fc7aaa31d6a2d7;p=thirdparty%2Flibarchive.git

Ensure that the AES extension header is large enough.

Reported-By: OSS-Fuzz issue 2394
---

diff --git a/libarchive/archive_read_support_format_zip.c b/libarchive/archive_read_support_format_zip.c
index 4c4f6fad4..125f1838c 100644
--- a/libarchive/archive_read_support_format_zip.c
+++ b/libarchive/archive_read_support_format_zip.c
@@ -723,6 +723,11 @@ process_extra(struct archive_read *a, const char *p, size_t extra_length, struct
 		}
 		case 0x9901:
 			/* WinZip AES extra data field. */
+			if (datasize < 6) {
+				archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
+				    "Incomplete AES field");
+				return ARCHIVE_FAILED;
+			}
 			if (p[offset + 2] == 'A' && p[offset + 3] == 'E') {
 				/* Vendor version. */
 				zip_entry->aes_extra.vendor =