You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@commons.apache.org by bo...@apache.org on 2021/05/01 16:32:38 UTC
[commons-compress] branch master updated (deabd92 -> 51265b2)
This is an automated email from the ASF dual-hosted git repository.
bodewig pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/commons-compress.git.
from deabd92 COMPRESS-575 document changes
new 9631715 AsiExtraField actually expects quite a few more bytes than it claims
new 51265b2 JDK's ZipEntry#setExtra parses a few extra fields itself ...
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.../org/apache/commons/compress/archivers/zip/AsiExtraField.java | 9 ++++++---
.../commons/compress/archivers/zip/ZipArchiveInputStream.java | 8 +++++++-
.../java/org/apache/commons/compress/archivers/zip/ZipFile.java | 8 +++++++-
3 files changed, 20 insertions(+), 5 deletions(-)
[commons-compress] 02/02: JDK's ZipEntry#setExtra parses a few
extra fields itself ...
Posted by bo...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
bodewig pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-compress.git
commit 51265b23722d9ce2262d68979ce7dbb79b94f430
Author: Stefan Bodewig <bo...@apache.org>
AuthorDate: Sat May 1 18:31:34 2021 +0200
JDK's ZipEntry#setExtra parses a few extra fields itself ...
... and may throw RuntimeExceptions every now and then
---
.../commons/compress/archivers/zip/ZipArchiveInputStream.java | 8 +++++++-
.../java/org/apache/commons/compress/archivers/zip/ZipFile.java | 8 +++++++-
2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/src/main/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStream.java b/src/main/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStream.java
index 2652294..af3d45f 100644
--- a/src/main/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStream.java
+++ b/src/main/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStream.java
@@ -348,7 +348,13 @@ public class ZipArchiveInputStream extends ArchiveInputStream implements InputSt
final byte[] extraData = new byte[extraLen];
readFully(extraData);
- current.entry.setExtra(extraData);
+ try {
+ current.entry.setExtra(extraData);
+ } catch (RuntimeException ex) {
+ final ZipException z = new ZipException("Invalid extra data in entry " + current.entry.getName());
+ z.initCause(ex);
+ throw z;
+ }
if (!hasUTF8Flag && useUnicodeExtraFields) {
ZipUtil.setNameAndCommentFromExtraFields(current.entry, fileName, null);
diff --git a/src/main/java/org/apache/commons/compress/archivers/zip/ZipFile.java b/src/main/java/org/apache/commons/compress/archivers/zip/ZipFile.java
index d3dd565..17f340b 100644
--- a/src/main/java/org/apache/commons/compress/archivers/zip/ZipFile.java
+++ b/src/main/java/org/apache/commons/compress/archivers/zip/ZipFile.java
@@ -1262,7 +1262,13 @@ public class ZipFile implements Closeable {
skipBytes(fileNameLen);
final byte[] localExtraData = new byte[extraFieldLen];
IOUtils.readFully(archive, ByteBuffer.wrap(localExtraData));
- ze.setExtra(localExtraData);
+ try {
+ ze.setExtra(localExtraData);
+ } catch (RuntimeException ex) {
+ final ZipException z = new ZipException("Invalid extra data in entry " + ze.getName());
+ z.initCause(ex);
+ throw z;
+ }
if (entriesWithoutUTF8Flag.containsKey(ze)) {
final NameAndComment nc = entriesWithoutUTF8Flag.get(ze);
[commons-compress] 01/02: AsiExtraField actually expects quite a
few more bytes than it claims
Posted by bo...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
bodewig pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-compress.git
commit 96317153c10f6358877729672fc5a221055a0c31
Author: Stefan Bodewig <bo...@apache.org>
AuthorDate: Sat May 1 18:26:09 2021 +0200
AsiExtraField actually expects quite a few more bytes than it claims
---
.../org/apache/commons/compress/archivers/zip/AsiExtraField.java | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/main/java/org/apache/commons/compress/archivers/zip/AsiExtraField.java b/src/main/java/org/apache/commons/compress/archivers/zip/AsiExtraField.java
index 98194cd..fa6c864 100644
--- a/src/main/java/org/apache/commons/compress/archivers/zip/AsiExtraField.java
+++ b/src/main/java/org/apache/commons/compress/archivers/zip/AsiExtraField.java
@@ -21,6 +21,9 @@ package org.apache.commons.compress.archivers.zip;
import java.util.zip.CRC32;
import java.util.zip.ZipException;
+import static org.apache.commons.compress.archivers.zip.ZipConstants.SHORT;
+import static org.apache.commons.compress.archivers.zip.ZipConstants.WORD;
+
/**
* Adds Unix file permission and UID/GID fields as well as symbolic
* link handling.
@@ -52,7 +55,7 @@ import java.util.zip.ZipException;
public class AsiExtraField implements ZipExtraField, UnixStat, Cloneable {
private static final ZipShort HEADER_ID = new ZipShort(0x756E);
- private static final int WORD = 4;
+ private static final int MIN_SIZE = WORD + SHORT + WORD + SHORT + SHORT;
/**
* Standard Unix stat(2) file mode.
*/
@@ -266,9 +269,9 @@ public class AsiExtraField implements ZipExtraField, UnixStat, Cloneable {
@Override
public void parseFromLocalFileData(final byte[] data, final int offset, final int length)
throws ZipException {
- if (length < WORD) {
+ if (length < MIN_SIZE) {
throw new ZipException("The length is too short, only "
- + length + " bytes, expected at least " + WORD);
+ + length + " bytes, expected at least " + MIN_SIZE);
}
final long givenChecksum = ZipLong.getValue(data, offset);