authorMichael Stahl <michael.stahl@allotropia.de>2024-08-15 15:49:22 +0200
committerMichael Stahl <michael.stahl@allotropia.de>2024-08-16 10:29:58 +0200
commit32cad89592ec04ab552399095c91dd76afb3002c (patch)
treeefc657199a50fe97a7b544c61b99b745c85cc124 /package/source/zipapi/ZipFile.cxx
parentd9841ab37825c220f887ff43ecab1522d770d5bd (diff)
package: ZipPackage: add additional check for entries STORED with
... data descriptor; only allow it for encrypted ODF entries, which requires reading the manifest first. Change-Id: If36d31a4cb93e7af78f48be3ed899ad9d9bb28f0 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171911 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
Diffstat (limited to 'package/source/zipapi/ZipFile.cxx')
-rw-r--r--package/source/zipapi/ZipFile.cxx6
1 files changed, 6 insertions, 0 deletions
diff --git a/package/source/zipapi/ZipFile.cxx b/package/source/zipapi/ZipFile.cxx
index 5c5d29435a77..fa58404ab431 100644
--- a/package/source/zipapi/ZipFile.cxx
+++ b/package/source/zipapi/ZipFile.cxx
@@ -1018,6 +1018,7 @@ sal_uInt64 ZipFile::readLOC(ZipEntry &rEntry)
// Unfortunately every encrypted ODF package entry hits this,
// because ODF requires deflated entry with value STORED and OOo/LO
// has always written compressed streams with data descriptor.
+ // So it is checked later in ZipPackage::checkZipEntriesWithDD()
if (nLocMethod == STORED)
{
SAL_INFO("package", "LOC STORED with data descriptor: \"" << rEntry.sPath << "\"");
@@ -1389,6 +1390,11 @@ sal_Int32 ZipFile::readCEN()
if (o3tl::checked_multiply<sal_Int64>(aEntry.nOffset, -1, aEntry.nOffset))
throw ZipException(u"Integer-overflow"_ustr);
+ if (aEntry.nMethod == STORED && aEntry.nCompressedSize != aEntry.nSize)
+ {
+ throw ZipException(u"entry STORED with inconsistent size"_ustr);
+ }
+
aMemGrabber.skipBytes(nCommentLen);
// unfortunately readLOC is required now to check the consistency
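Review bot: The new STORED size check in readCEN() throws without naming the entry that failed or recording why a mismatch is rejected, unlike the readLOC() branch in the first hunk, which logs `rEntry.sPath`. A STORED entry is uncompressed, so a central-directory record whose `nCompressedSize` differs from `nSize` contradicts itself, and readers that trust different fields may see different content in the same package; a comment such as `// STORED entries are uncompressed: differing sizes mean a corrupt or crafted CEN record` would keep that reasoning next to the check. If `aEntry.sPath` is already populated at this point, adding `SAL_INFO("package", "CEN STORED with inconsistent size: \"" << aEntry.sPath << "\"");` before the throw would make rejected documents easier to triage. Whether the two sizes compared here are already the Zip64-resolved values depends on code outside the hunk and should be confirmed; readCEN's body starts and ends outside the hunk.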