8321802: (zipfs) Add validation of incorrect LOC signature in ZipFileSystem

Reviewed-by: alanb, lancea
2023-12-22 16:09:22 +00:00 · 2023-12-22 16:09:22 +00:00 · 93fedc12db
commit 93fedc12db
parent 1230853343
2 changed files with 15 additions and 2 deletions
--- a/src/jdk.zipfs/share/classes/jdk/nio/zipfs/ZipFileSystem.java
+++ b/src/jdk.zipfs/share/classes/jdk/nio/zipfs/ZipFileSystem.java
@ -2573,7 +2573,10 @@ class ZipFileSystem extends FileSystem {
                pos = -pos + locpos;
                byte[] buf = new byte[LOCHDR];
                if (readNBytesAt(buf, 0, buf.length, pos) != LOCHDR) {
-                    throw new ZipException("invalid loc " + pos + " for entry reading");
+                    throw new ZipException("invalid LOC " + pos + " for entry reading");
+                }
+                if (LOCSIG(buf) != LOCSIG) {
+                    throw new ZipException("invalid LOC header (bad signature)");
                }
                pos += LOCHDR + LOCNAM(buf) + LOCEXT(buf);
            }
--- a/test/jdk/jdk/nio/zipfs/CorruptedZipFilesTest.java
+++ b/test/jdk/jdk/nio/zipfs/CorruptedZipFilesTest.java
@ -22,7 +22,7 @@
 */

 /* @test
- * @bug 8316141
+ * @bug 8316141 8321802
 * @summary test for correct detection and reporting of corrupted zip files
 * @run junit CorruptedZipFilesTest
 */
@ -287,6 +287,16 @@ public class CorruptedZipFilesTest {
        assertZipException(".*unsupported compression method.*");
    }

+    /*
+     * A ZipException is thrown when a LOC header has an unexpected signature
+     */
+    @Test
+    public void invalidLOCSignature() throws IOException {
+        int existingSignature = buffer.getInt(locpos);
+        buffer.putInt(locpos, existingSignature +1);
+        assertZipException(".*bad signature.*");
+    }
+
    /*
     * Assert that opening a ZIP file and consuming the entry's
     * InputStream using the ZipFile API fails with a ZipException