From 2561a407a7df5af8bef66dc743d5b7e05f4c06c8 Mon Sep 17 00:00:00 2001 From: Col-E Date: Fri, 8 Jul 2022 11:30:10 -0400 Subject: [PATCH] fix: Additional bogus checks in JVM read strategy Just temporary measures until the associated TODO message is properly addressed. --- pom.xml | 2 +- .../llzip/strategy/JvmZipReaderStrategy.java | 17 ++++++++++++++--- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/pom.xml b/pom.xml index 406d003..a1e8fd1 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ software.coley lljzip - 1.1.6 + 1.1.7 5.8.2 diff --git a/src/main/java/software/coley/llzip/strategy/JvmZipReaderStrategy.java b/src/main/java/software/coley/llzip/strategy/JvmZipReaderStrategy.java index 2b8bf4b..55bbff9 100644 --- a/src/main/java/software/coley/llzip/strategy/JvmZipReaderStrategy.java +++ b/src/main/java/software/coley/llzip/strategy/JvmZipReaderStrategy.java 
@@ -78,14 +78,25 @@ else if (ByteDataUtil.startsWith(data, jvmBaseFileOffset, ZipPatterns.CENTRAL_DI
 }
 }
 } else {
- // TODO: Double check 'precedingEndOfCentralDirectory' points to a EndOfCentralDirectory that isn't bogus
- // like some shit defined as a fake comment in another ZipPart
-
 // There was a prior end part, so we will seek past it's length and use that as the base offset.
 try {
 // Make sure it isn't bogus before we use it as a reference point
 EndOfCentralDirectory tempEnd = new EndOfCentralDirectory();
 tempEnd.read(data, precedingEndOfCentralDirectory);
+
+
+ // TODO: Double check 'precedingEndOfCentralDirectory' points to a EndOfCentralDirectory that isn't bogus
+ // like some shit defined as a fake comment in another ZipPart.
+ // - Needs to be done in such a way where we do not get tricked by the '-trick.jar' samples
+ // This is a quick hack.
+ if (tempEnd.getCentralDirectorySize() > len)
+ throw new IllegalStateException();
+ if (tempEnd.getCentralDirectoryOffset() > tempEnd.getNumEntries())
+ throw new IllegalStateException();
+ if (tempEnd.getDiskNumber() == 0 && tempEnd.getNumEntries() != tempEnd.getCentralDirectoryOffset())
+ throw new IllegalStateException();
+
+
 jvmBaseFileOffset = precedingEndOfCentralDirectory + tempEnd.length();
 } catch (Exception ex) {
 // It's bogus and the sig-match was a coincidence. Zero out the offset.
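Review bot: The second and third added checks compare `getCentralDirectoryOffset()` with `getNumEntries()`, which by their names are a byte offset and an entry count, so the invariant they enforce cannot be read off the hunk. If the getter does return the central directory's file offset, a genuine end record whose offset exceeds its entry count throws here, and the `catch (Exception ex)` below then treats it as bogus and zeroes the base offset without any trace. That silently changes which part of the archive this strategy parses, which matters for a reader meant to see the same entries the JVM would. I would put a comment above the checks stating which end-record field each getter maps to and why the comparison must hold, and give each throw a message, e.g. `throw new IllegalStateException("EOCD central directory size exceeds input length");`, so a rejected record can be told apart from a read failure. The enclosing try/catch and its method start and end outside the hunk, and `len` is defined outside it as well.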