!53 【漏洞】 【master】 CVE-2023-45853

Merge pull request !53 from 赵淦/master
This commit is contained in:
openharmony_ci
2023-10-18 03:06:49 +00:00
committed by Gitee
+14
View File
@@ -1083,6 +1083,20 @@ extern int ZEXPORT zipOpenNewFileInZip4_64 (zipFile file, const char* filename,
return ZIP_PARAMERROR;
#endif
// The filename and comment length must fit in 16 bits.
if ((filename != NULL) && (strlen(filename) > 0xffff)) {
return ZIP_PARAMERROR;
}
if ((comment != NULL) && (strlen(comment) > 0xffff)) {
return ZIP_PARAMERROR;
}
// The extra field length must fit in 16 bits. If the member also requires
// a Zip64 extra block, that will also need to fit within that 16-bit
// length, but that will be checked for later.
if ((size_extrafield_local > 0xffff) || (size_extrafield_global > 0xffff)) {
return ZIP_PARAMERROR;
}
zi = (zip64_internal*)file;
if (zi->in_opened_file_inzip == 1)