fix: Less hacky junk detection for determining if 'precedingEndOfCent…
…ralDirectory' is valid
Col-E committed Jul 8, 2022
1 parent 2561a40 commit 20266c3
Showing 2 changed files with 9 additions and 12 deletions.
2 changes: 1 addition & 1 deletion pom.xml
@@ -6,7 +6,7 @@

<groupId>software.coley</groupId>
<artifactId>lljzip</artifactId>
<version>1.1.7</version>
<version>1.1.8</version>

<properties>
<junit.version>5.8.2</junit.version>
@@ -43,12 +43,15 @@ public void read(ZipArchive zip, ByteData data) throws IOException {
// Read central directories
long len = data.length();
long centralDirectoryOffset = len - ZipPatterns.CENTRAL_DIRECTORY_FILE_HEADER.length;
long maxRelativeOffset = 0;
while (centralDirectoryOffset > 0L) {
centralDirectoryOffset = ByteDataUtil.lastIndexOf(data, centralDirectoryOffset - 1L, ZipPatterns.CENTRAL_DIRECTORY_FILE_HEADER);
if (centralDirectoryOffset >= 0L) {
CentralDirectoryFileHeader directory = new CentralDirectoryFileHeader();
directory.read(data, centralDirectoryOffset);
zip.getParts().add(directory);
if (directory.getRelativeOffsetOfLocalHeader() > maxRelativeOffset)
maxRelativeOffset = directory.getRelativeOffsetOfLocalHeader();
}
}
// Determine base offset for computing file header locations with.
@@ -83,20 +86,14 @@ else if (ByteDataUtil.startsWith(data, jvmBaseFileOffset, ZipPatterns.CENTRAL_DI
// Make sure it isn't bogus before we use it as a reference point
EndOfCentralDirectory tempEnd = new EndOfCentralDirectory();
tempEnd.read(data, precedingEndOfCentralDirectory);


// If we use this as a point of reference there must be enough data remaining
// to read the largest offset specified by our central directories.
long hypotheticalJvmBaseOffset = precedingEndOfCentralDirectory + tempEnd.length();
if (len <= hypotheticalJvmBaseOffset + maxRelativeOffset)
throw new IllegalStateException();
// TODO: Double check 'precedingEndOfCentralDirectory' points to a EndOfCentralDirectory that isn't bogus
// like some shit defined as a fake comment in another ZipPart.
// - Needs to be done in such a way where we do not get tricked by the '-trick.jar' samples
// This is a quick hack.
if (tempEnd.getCentralDirectorySize() > len)
throw new IllegalStateException();
if (tempEnd.getCentralDirectoryOffset() > tempEnd.getNumEntries())
throw new IllegalStateException();
if (tempEnd.getDiskNumber() == 0 && tempEnd.getNumEntries() != tempEnd.getCentralDirectoryOffset())
throw new IllegalStateException();


jvmBaseFileOffset = precedingEndOfCentralDirectory + tempEnd.length();
} catch (Exception ex) {
// It's bogus and the sig-match was a coincidence. Zero out the offset.
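Review bot: The new guard `if (len <= hypotheticalJvmBaseOffset + maxRelativeOffset)` only proves that the largest recorded offset lands inside the file, not that a local file header actually starts there, so an end-of-central-directory signature embedded in a comment or in entry data can still be accepted as long as enough bytes follow it. As far as the first hunk shows, `maxRelativeOffset` is also gathered from every signature match of the backward scan without confirming the match is a real central directory header, so a single stray match may inflate the bound and cause a genuine record to be rejected. Consider confirming the reference point with the same kind of test used earlier in the method, e.g. `ByteDataUtil.startsWith(data, hypotheticalJvmBaseOffset + maxRelativeOffset, <local file header pattern>)`, and requiring room for the fixed-size header rather than a single byte. The bare `throw new IllegalStateException()` would be easier to diagnose with a message naming the two offsets; `read` begins before and continues after the visible hunks.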
