stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8076641: getNextEntry throws ArrayIndexOutOfBoundsException when unzipping file

Browse Source 
To add extra sanity check for entry extra data

Reviewed-by: alanb
This commit is contained in:
Xueming Shen 2015-04-06 13:41:10 -07:00
parent ad5f742cba
commit 2de64493a2
3 changed files with 44 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
jdk/src/java.base/share/classes/java/util/zip/ZipEntry.java
View File

@ -481,6 +481,8 @@ class ZipEntry implements ZipConstants, Cloneable {
}
break;
case EXTID_NTFS:
if (sz < 32) // reserved 4 bytes + tag 2 bytes + size 2 bytes
break; // m[a|c]time 24 bytes
int pos = off + 4; // reserved 4 bytes
if (get16(extra, pos) != 0x0001 || get16(extra, pos + 2) != 24)
break;

2
jdk/src/jdk.zipfs/share/classes/jdk/nio/zipfs/ZipFileSystem.java
View File

@ -2271,6 +2271,8 @@ class ZipFileSystem extends FileSystem {
}
break;
case EXTID_NTFS:
if (sz < 32)
break;
pos += 4; // reserved 4 bytes
if (SH(extra, pos) != 0x0001)
break;

42
jdk/test/java/util/zip/TestExtraTime.java
View File

@ -23,7 +23,7 @@
/**
* @test
* @bug 4759491 6303183 7012868 8015666 8023713 8068790
* @bug 4759491 6303183 7012868 8015666 8023713 8068790 8076641
* @summary Test ZOS and ZIS timestamp in extra field correctly
*/
@ -40,7 +40,6 @@ import java.util.zip.ZipFile;
import java.util.zip.ZipInputStream;
import java.util.zip.ZipOutputStream;
public class TestExtraTime {
public static void main(String[] args) throws Throwable{
@ -71,6 +70,7 @@ public class TestExtraTime {
}
testNullHandling();
testTagOnlyHandling();
testTimeConversions();
}
@ -208,4 +208,42 @@ public class TestExtraTime {
}
}
}
static void check(ZipEntry ze, byte[] extra) {
if (extra != null) {
byte[] extra1 = ze.getExtra();
if (extra1 == null || extra1.length < extra.length ||
!Arrays.equals(Arrays.copyOfRange(extra1,
extra1.length - extra.length,
extra1.length),
extra)) {
throw new RuntimeException("Timestamp: storing extra field failed!");
}
}
}
static void testTagOnlyHandling() throws Throwable {
ByteArrayOutputStream baos = new ByteArrayOutputStream();
byte[] extra = new byte[] { 0x0a, 0, 4, 0, 0, 0, 0, 0 };
try (ZipOutputStream zos = new ZipOutputStream(baos)) {
ZipEntry ze = new ZipEntry("TestExtraTime.java");
ze.setExtra(extra);
zos.putNextEntry(ze);
zos.write(new byte[] { 1,2 ,3, 4});
}
try (ZipInputStream zis = new ZipInputStream(
new ByteArrayInputStream(baos.toByteArray()))) {
ZipEntry ze = zis.getNextEntry();
check(ze, extra);
}
Path zpath = Paths.get(System.getProperty("test.dir", "."),
"TestExtraTime.zip");
Files.copy(new ByteArrayInputStream(baos.toByteArray()), zpath);
try (ZipFile zf = new ZipFile(zpath.toFile())) {
ZipEntry ze = zf.getEntry("TestExtraTime.java");
check(ze, extra);
} finally {
Files.delete(zpath);
}
}
}