From add25e44b62f737b0b214c91d0fc7aaa31d6a2d7 Mon Sep 17 00:00:00 2001
From: Joerg Sonnenberger
Date: Wed, 6 Sep 2017 23:03:00 +0200
Subject: [PATCH] Ensure that the AES extension header is large enough.

Reported-By: OSS-Fuzz issue 2394
---
 libarchive/archive_read_support_format_zip.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libarchive/archive_read_support_format_zip.c b/libarchive/archive_read_support_format_zip.c
index 4c4f6fad4..125f1838c 100644
--- a/libarchive/archive_read_support_format_zip.c
+++ b/libarchive/archive_read_support_format_zip.c
@@ -723,6 +723,11 @@ process_extra(struct archive_read *a, const char *p, size_t extra_length, struct
 }
 case 0x9901:
 /* WinZip AES extra data field. */
+ if (datasize < 6) {
+ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
+ "Incomplete AES field");
+ return ARCHIVE_FAILED;
+ }
 if (p[offset + 2] == 'A' && p[offset + 3] == 'E') {
 /* Vendor version. */
 zip_entry->aes_extra.vendor =
-- 
2.47.2
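Review bot: The bound in the new `if (datasize < 6)` guard is an unexplained magic number, and the hunk shows only the reads of `p[offset + 2]` and `p[offset + 3]`, so it cannot be confirmed from here that 6 covers the highest index the `case 0x9901` body touches. The WinZip AES extra field is specified as 7 data bytes (2 version, 2 vendor ID, 1 strength, 2 compression method); the case continues past the end of the hunk, and if anything there reads `p[offset + 6]` the guard would need to be `datasize < 7`. Assuming the later reads stop at `p[offset + 5]`, I would add a comment above the check such as `/* version(2) + vendor "AE"(2) + strength(1) + method byte(1): reads p[offset] .. p[offset + 5] */` so the bound stays tied to the accesses it protects. The diffstat lists only this one file, so the OSS-Fuzz reproducer does not appear to be added as a regression test; including it would keep the length check from being dropped unnoticed.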