This is an automated email from the ASF dual-hosted git repository.
bodewig pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-compress.git
The following commit(s) were added to refs/heads/master by this push:
new ef5d70b sanity check for link length in AsiExtraField
ef5d70b is described below
commit ef5d70b625000e38404194aaab311b771c44efda
Author: Stefan Bodewig <[email protected]>
AuthorDate: Wed Jun 30 21:45:52 2021 +0200
sanity check for link length in AsiExtraField
Credit to OSS-Fuzz
---
.../apache/commons/compress/archivers/zip/AsiExtraField.java | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git
a/src/main/java/org/apache/commons/compress/archivers/zip/AsiExtraField.java
b/src/main/java/org/apache/commons/compress/archivers/zip/AsiExtraField.java
index fa6c864..bf82a3b 100644
--- a/src/main/java/org/apache/commons/compress/archivers/zip/AsiExtraField.java
+++ b/src/main/java/org/apache/commons/compress/archivers/zip/AsiExtraField.java
@@ -289,17 +289,17 @@ public class AsiExtraField implements ZipExtraField,
UnixStat, Cloneable {
final int newMode = ZipShort.getValue(tmp, 0);
// CheckStyle:MagicNumber OFF
- final byte[] linkArray = new byte[(int) ZipLong.getValue(tmp, 2)];
- final int linkArrayLength = linkArray.length;
+ final int linkArrayLength = (int) ZipLong.getValue(tmp, 2);
+ if (linkArrayLength < 0 || linkArrayLength > tmp.length - 10) {
+ throw new ZipException("Bad symbolic link name length " +
linkArrayLength
+ + " in ASI extra field");
+ }
uid = ZipShort.getValue(tmp, 6);
gid = ZipShort.getValue(tmp, 8);
-
if (linkArrayLength == 0) {
link = "";
- } else if (linkArrayLength > tmp.length - 10) {
- throw new ZipException("Bad symbolic link name length " +
linkArrayLength
- + " in ASI extra field");
} else {
+ final byte[] linkArray = new byte[linkArrayLength];
System.arraycopy(tmp, 10, linkArray, 0, linkArrayLength);
link = new String(linkArray); // Uses default charset - see class
Javadoc
}
