diff options
author | David Blatter <mail@dabla.ch> | 2021-03-31 15:57:44 +0200 |
---|---|---|
committer | Michael Stahl <michael.stahl@allotropia.de> | 2021-04-02 12:51:29 +0200 |
commit | 24fad8bf168beb56855d97ede2d4a1dec2a46220 (patch) | |
tree | f97d4d40b40ad8dd5b71749e6bf0e71caba5c83b /package | |
parent | 4ff64681820d1b9c5b38015ecb42cba2e56800c3 (diff) |
fix detection of encrypted zip entries
if a zip entry is encrypted, bit 1 of the flags field is set. previously
bit 1 of the version field was checked. a valid zip with a required version
of e.g. 45 generated a 'file is corrupt' error
see: https://pkware.cachefly.net/webdocs/APPNOTE/APPNOTE-6.3.3.TXT
(sections 4.4.3 and 4.4.4)
Change-Id: I8bba6ead582e6cab55c8449f202807b50befea07
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/113420
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
Diffstat (limited to 'package')
-rw-r--r-- | package/source/zipapi/ZipFile.cxx | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/package/source/zipapi/ZipFile.cxx b/package/source/zipapi/ZipFile.cxx index 6ee7bdc0d43d..fb90ef02e4e1 100644 --- a/package/source/zipapi/ZipFile.cxx +++ b/package/source/zipapi/ZipFile.cxx @@ -921,11 +921,11 @@ sal_Int32 ZipFile::readCEN() aMemGrabber.skipBytes ( 2 ); aEntry.nVersion = aMemGrabber.ReadInt16(); + aEntry.nFlag = aMemGrabber.ReadInt16(); - if ( ( aEntry.nVersion & 1 ) == 1 ) + if ( ( aEntry.nFlag & 1 ) == 1 ) throw ZipException("Invalid CEN header (encrypted entry)" ); - aEntry.nFlag = aMemGrabber.ReadInt16(); aEntry.nMethod = aMemGrabber.ReadInt16(); if ( aEntry.nMethod != STORED && aEntry.nMethod != DEFLATED) @@ -1025,9 +1025,10 @@ void ZipFile::recover() MemoryByteGrabber aMemGrabber(aTmpBuffer); aEntry.nVersion = aMemGrabber.ReadInt16(); - if ( ( aEntry.nVersion & 1 ) != 1 ) + aEntry.nFlag = aMemGrabber.ReadInt16(); + + if ( ( aEntry.nFlag & 1 ) != 1 ) { - aEntry.nFlag = aMemGrabber.ReadInt16(); aEntry.nMethod = aMemGrabber.ReadInt16(); if ( aEntry.nMethod == STORED || aEntry.nMethod == DEFLATED ) |