zip_archive: reject files that don't start with an LFH signature.
Bug: 64211847
Test: zip_archive_test
Merged-In: Ib89f0def696206ff427be27764c158fab88e4b5d
Merged-In: I275e7c4da05ceeb20401b560c72294f29ef63642
Change-Id: I38705f4e9688326a140aa59a1333b0878ed39c14
diff --git a/libziparchive/zip_archive.cc b/libziparchive/zip_archive.cc
index 49097ce..89cfe77 100644
--- a/libziparchive/zip_archive.cc
+++ b/libziparchive/zip_archive.cc
@@ -358,6 +358,8 @@
return result;
}
+static inline bool ReadAtOffset(int fd, uint8_t* buf, size_t len, off64_t off);
+
/*
* Parses the Zip archive's Central Directory. Allocates and populates the
* hash table.
@@ -436,6 +438,22 @@
return -1;
}
}
+
+ uint32_t lfh_start_bytes;
+ if (!ReadAtOffset(archive->fd, reinterpret_cast<uint8_t*>(&lfh_start_bytes),
+ sizeof(uint32_t), 0)) {
+ ALOGW("Zip: Unable to read header for entry at offset == 0.");
+ return -1;
+ }
+
+ if (lfh_start_bytes != LocalFileHeader::kSignature) {
+ ALOGW("Zip: Entry at offset zero has invalid LFH signature %" PRIx32, lfh_start_bytes);
+#if defined(__ANDROID__)
+ android_errorWriteLog(0x534e4554, "64211847");
+#endif
+ return -1;
+ }
+
ALOGV("+++ zip good scan %" PRIu16 " entries", num_entries);
return 0;