Posted to notifications@ant.apache.org by bo...@apache.org on 2021/07/10 09:14:13 UTC

[ant] branch 1.9.x updated: port some fixes from Commons Compress

This is an automated email from the ASF dual-hosted git repository.

bodewig pushed a commit to branch 1.9.x
in repository https://gitbox.apache.org/repos/asf/ant.git


The following commit(s) were added to refs/heads/1.9.x by this push:
     new 6594a2d  port some fixes from Commons Compress
6594a2d is described below

commit 6594a2d66f7f060dafcbbf094dd60676db19a842
Author: Stefan Bodewig <bo...@apache.org>
AuthorDate: Sat Jul 10 11:10:12 2021 +0200

    port some fixes from Commons Compress
---
 src/main/org/apache/tools/tar/TarInputStream.java |  7 +++++--
 src/main/org/apache/tools/zip/AsiExtraField.java  | 12 ++++++++----
 src/main/org/apache/tools/zip/ZipFile.java        | 20 +++++++++++++++++++-
 3 files changed, 32 insertions(+), 7 deletions(-)

diff --git a/src/main/org/apache/tools/tar/TarInputStream.java b/src/main/org/apache/tools/tar/TarInputStream.java
index 9715992..966835e 100644
--- a/src/main/org/apache/tools/tar/TarInputStream.java
+++ b/src/main/org/apache/tools/tar/TarInputStream.java
@@ -438,11 +438,13 @@ public class TarInputStream extends FilterInputStream {
                             String keyword = coll.toString("UTF-8");
                             // Get rest of entry
                             final int restLen = len - read;
-                            byte[] rest = new byte[restLen];
+                            ByteArrayOutputStream bos = new ByteArrayOutputStream();
                             int got = 0;
                             while (got < restLen && (ch = i.read()) != -1) {
-                                rest[got++] = (byte) ch;
+                                bos.write((byte) ch);
+                                got++;
                             }
+                            bos.close();
                             if (got != restLen) {
                                 throw new IOException("Failed to read "
                                                       + "Paxheader. Expected "
@@ -450,6 +452,7 @@ public class TarInputStream extends FilterInputStream {
                                                       + " bytes, read "
                                                       + got);
                             }
+                            byte[] rest = bos.toByteArray();
                             // Drop trailing NL
                             String value = new String(rest, 0,
                                                       restLen - 1, "UTF-8");
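Review bot: A declared record length that leaves `restLen` at 0 passes the `got != restLen` check and then reaches `new String(rest, 0, restLen - 1, "UTF-8")` with a length of -1, which throws an unchecked StringIndexOutOfBoundsException rather than the IOException callers expect for a malformed archive. `restLen` is computed as `len - read` in the previous hunk, and nothing visible in either hunk rejects a value below 1; a negative value is only caught indirectly by the `got != restLen` comparison. A guard ahead of the read loop, such as `if (restLen < 1) { throw new IOException("Paxheader value length " + restLen + " is invalid"); }`, would keep the failure checked. The enclosing method starts and ends outside these hunks, so an earlier validation of `len` may exist but is not shown.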
diff --git a/src/main/org/apache/tools/zip/AsiExtraField.java b/src/main/org/apache/tools/zip/AsiExtraField.java
index 0108ee2..3f70aee 100644
--- a/src/main/org/apache/tools/zip/AsiExtraField.java
+++ b/src/main/org/apache/tools/zip/AsiExtraField.java
@@ -307,14 +307,18 @@ public class AsiExtraField implements ZipExtraField, UnixStat, Cloneable {
 
         int newMode = ZipShort.getValue(tmp, 0);
         // CheckStyle:MagicNumber OFF
-        byte[] linkArray = new byte[(int) ZipLong.getValue(tmp, 2)];
+        final int linkArrayLength = (int) ZipLong.getValue(tmp, 2);
+        if (linkArrayLength < 0 || linkArrayLength > tmp.length - 10) {
+            throw new ZipException("Bad symbolic link name length " + linkArrayLength
+                + " in ASI extra field");
+        }
         uid = ZipShort.getValue(tmp, 6);
         gid = ZipShort.getValue(tmp, 8);
-
-        if (linkArray.length == 0) {
+        if (linkArrayLength == 0) {
             link = "";
         } else {
-            System.arraycopy(tmp, 10, linkArray, 0, linkArray.length);
+            final byte[] linkArray = new byte[linkArrayLength];
+            System.arraycopy(tmp, 10, linkArray, 0, linkArrayLength);
             link = new String(linkArray); // Uses default charset - see class Javadoc
         }
         // CheckStyle:MagicNumber ON
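Review bot: The new bound `linkArrayLength > tmp.length - 10` assumes `tmp` holds at least the ten fixed bytes, but `ZipShort.getValue(tmp, 0)` and `ZipLong.getValue(tmp, 2)` run before the check and the reads at offsets 6 and 8 follow it. A shorter field would therefore presumably fail with an ArrayIndexOutOfBoundsException rather than the ZipException introduced here. Unless the part of the method above this hunk already enforces a minimum size, add one before the first read, e.g. `if (tmp.length < 10) { throw new ZipException("ASI extra field is too short: " + tmp.length + " bytes"); }`. Naming the 10 as a constant would also let the check and the `System.arraycopy(tmp, 10, ...)` offset share one definition.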
diff --git a/src/main/org/apache/tools/zip/ZipFile.java b/src/main/org/apache/tools/zip/ZipFile.java
index a50570e..1eccb2c 100644
--- a/src/main/org/apache/tools/zip/ZipFile.java
+++ b/src/main/org/apache/tools/zip/ZipFile.java
@@ -538,6 +538,9 @@ public class ZipFile implements Closeable {
         ze.setExternalAttributes(ZipLong.getValue(CFH_BUF, off));
         off += WORD;
 
+        if (archive.length() - archive.getFilePointer() < fileNameLen) {
+            throw new EOFException();
+        }
         final byte[] fileName = new byte[fileNameLen];
         archive.readFully(fileName);
         ze.setName(entryEncoding.decode(fileName), fileName);
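Review bot: `throw new EOFException()` gives no indication of which length field was wrong, and the same message-less throw is repeated for `extraLen`, `commentLen` and `extraFieldLen` in the following ZipFile hunks. When one of these guards rejects a truncated or malformed archive, the stack trace is the only clue for whoever triages the failure. Consider a message that names the field and the declared length, e.g. `throw new EOFException("Truncated archive: file name length " + fileNameLen + " exceeds remaining data");`, with a matching one at each of the other checks. The enclosing method begins and ends outside this hunk.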
@@ -547,12 +550,18 @@ public class ZipFile implements Closeable {
         // data offset will be filled later
         entries.add(ze);
 
+        if (archive.length() - archive.getFilePointer() < extraLen) {
+            throw new EOFException();
+        }
         final byte[] cdExtraData = new byte[extraLen];
         archive.readFully(cdExtraData);
         ze.setCentralDirectoryExtra(cdExtraData);
 
         setSizesAndOffsetFromZip64Extra(ze, offset, diskStart);
 
+        if (archive.length() - archive.getFilePointer() < commentLen) {
+            throw new EOFException();
+        }
         final byte[] comment = new byte[commentLen];
         archive.readFully(comment);
         ze.setComment(entryEncoding.decode(comment));
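Review bot: `ze.setCentralDirectoryExtra(cdExtraData)` is left bare, while the local-header `ze.setExtra(localExtraData)` call in the last ZipFile hunk now converts a RuntimeException into a ZipException. If central-directory extra-field parsing can throw unchecked exceptions on malformed data in the same way (its implementation is not shown here), a bad archive would still surface as a RuntimeException from this path. Wrapping this call in the same try/catch would make both paths fail with a ZipException that callers already handle. The enclosing method starts and ends outside the hunk.

```java
archive.readFully(cdExtraData);
try {
    ze.setCentralDirectoryExtra(cdExtraData);
} catch (RuntimeException ex) {
    final ZipException z = new ZipException("Invalid extra data in entry " + ze.getName());
    z.initCause(ex);
    throw z;
}
// … unchanged: Zip64 sizes/offset handling and comment read …
```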
@@ -878,9 +887,18 @@ public class ZipFile implements Closeable {
                 }
                 lenToSkip -= skipped;
             }
+            if (archive.length() - archive.getFilePointer() < extraFieldLen) {
+                throw new EOFException();
+            }
             final byte[] localExtraData = new byte[extraFieldLen];
             archive.readFully(localExtraData);
-            ze.setExtra(localExtraData);
+            try {
+                ze.setExtra(localExtraData);
+            } catch (RuntimeException ex) {
+                final ZipException z = new ZipException("Invalid extra data in entry " + ze.getName());
+                z.initCause(ex);
+                throw z;
+            }
             offsetEntry.dataOffset = offset + LFH_OFFSET_FOR_FILENAME_LENGTH
                 + SHORT + SHORT + fileNameLen + extraFieldLen;