diff options
author | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2018-03-18 23:13:40 +0100 |
---|---|---|
committer | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2018-03-18 23:13:40 +0100 |
commit | cd7a01c34fc4304ef8161ee617568f274ace5d24 (patch) | |
tree | 41ed56e75a5feedc5f7d4fedb6338569d54d6076 /src/Common/libzip/zip_source_zip_new.c | |
parent | 49a8e52139b960afd3913053380190cf2d03ceda (diff) | |
download | VeraCrypt-cd7a01c34fc4304ef8161ee617568f274ace5d24.tar.gz VeraCrypt-cd7a01c34fc4304ef8161ee617568f274ace5d24.zip |
Windows: Update libzip to version 1.5.0 that include fixes for some security issues.
Diffstat (limited to 'src/Common/libzip/zip_source_zip_new.c')
-rw-r--r-- | src/Common/libzip/zip_source_zip_new.c | 99 |
1 files changed, 49 insertions, 50 deletions
diff --git a/src/Common/libzip/zip_source_zip_new.c b/src/Common/libzip/zip_source_zip_new.c index 92562558..a5cfee3a 100644 --- a/src/Common/libzip/zip_source_zip_new.c +++ b/src/Common/libzip/zip_source_zip_new.c @@ -1,6 +1,6 @@ /* zip_source_zip_new.c -- prepare data structures for zip_fopen/zip_source_zip - Copyright (C) 2012-2016 Dieter Baron and Thomas Klausner + Copyright (C) 2012-2017 Dieter Baron and Thomas Klausner This file is part of libzip, a library to manipulate ZIP archives. The authors can be contacted at <libzip@nih.at> @@ -17,7 +17,7 @@ 3. The names of the authors may not be used to endorse or promote products derived from this software without specific prior written permission. - + THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -38,13 +38,10 @@ zip_source_t * -_zip_source_zip_new(zip_t *za, zip_t *srcza, zip_uint64_t srcidx, zip_flags_t flags, zip_uint64_t start, zip_uint64_t len, const char *password) -{ - zip_compression_implementation comp_impl; - zip_encryption_implementation enc_impl; +_zip_source_zip_new(zip_t *za, zip_t *srcza, zip_uint64_t srcidx, zip_flags_t flags, zip_uint64_t start, zip_uint64_t len, const char *password) { zip_source_t *src, *s2; - zip_uint64_t offset; struct zip_stat st; + bool partial_data, needs_crc, needs_decrypt, needs_decompress; if (za == NULL) return NULL; @@ -54,13 +51,12 @@ _zip_source_zip_new(zip_t *za, zip_t *srcza, zip_uint64_t srcidx, zip_flags_t fl return NULL; } - if ((flags & ZIP_FL_UNCHANGED) == 0 - && (ZIP_ENTRY_DATA_CHANGED(srcza->entry+srcidx) || srcza->entry[srcidx].deleted)) { + if ((flags & ZIP_FL_UNCHANGED) == 0 && (ZIP_ENTRY_DATA_CHANGED(srcza->entry + srcidx) || srcza->entry[srcidx].deleted)) { zip_error_set(&za->error, ZIP_ER_CHANGED, 0); return NULL; } - if (zip_stat_index(srcza, srcidx, flags|ZIP_FL_UNCHANGED, &st) < 0) { + if (zip_stat_index(srcza, srcidx, flags | ZIP_FL_UNCHANGED, &st) < 0) { zip_error_set(&za->error, ZIP_ER_INTERNAL, 0); return NULL; } @@ -74,70 +70,74 @@ _zip_source_zip_new(zip_t *za, zip_t *srcza, zip_uint64_t srcidx, zip_flags_t fl } /* overflow or past end of file */ - if ((start > 0 || len > 0) && (start+len < start || start+len > st.size)) { + if ((start > 0 || len > 0) && (start + len < start || start + len > st.size)) { zip_error_set(&za->error, ZIP_ER_INVAL, 0); return NULL; } - enc_impl = NULL; - if (((flags & ZIP_FL_ENCRYPTED) == 0) && (st.encryption_method != ZIP_EM_NONE)) { - if (password == NULL) { - password = za->default_password; - } + if (len == 0) { + len = st.size - start; + } + + partial_data = len < st.size; + needs_decrypt = ((flags & ZIP_FL_ENCRYPTED) == 0) && (st.encryption_method != ZIP_EM_NONE); + needs_decompress = ((flags & ZIP_FL_COMPRESSED) == 0) && (st.comp_method != ZIP_CM_STORE); + /* when reading the whole file, check for CRC errors */ + needs_crc = ((flags & ZIP_FL_COMPRESSED) == 0 || st.comp_method == ZIP_CM_STORE) && !partial_data; + + if (needs_decrypt) { if (password == NULL) { - zip_error_set(&za->error, ZIP_ER_NOPASSWD, 0); - return NULL; + password = za->default_password; } - if ((enc_impl=_zip_get_encryption_implementation(st.encryption_method, ZIP_CODEC_DECODE)) == NULL) { - zip_error_set(&za->error, ZIP_ER_ENCRNOTSUPP, 0); + if (password == NULL) { + zip_error_set(&za->error, ZIP_ER_NOPASSWD, 0); return NULL; } } - comp_impl = NULL; - if ((flags & ZIP_FL_COMPRESSED) == 0) { - if (st.comp_method != ZIP_CM_STORE) { - if ((comp_impl=_zip_get_compression_implementation(st.comp_method, ZIP_CODEC_DECODE)) == NULL) { - zip_error_set(&za->error, ZIP_ER_COMPNOTSUPP, 0); - return NULL; - } - } - } - - if ((offset=_zip_file_get_offset(srcza, srcidx, &za->error)) == 0) - return NULL; - if (st.comp_size == 0) { return zip_source_buffer(za, NULL, 0, 0); } - if (start+len > 0 && enc_impl == NULL && comp_impl == NULL) { + if (partial_data && !needs_decrypt && !needs_decompress) { struct zip_stat st2; - - st2.size = len ? len : st.size-start; - st2.comp_size = st2.size; + + st2.size = len; + st2.comp_size = len; st2.comp_method = ZIP_CM_STORE; st2.mtime = st.mtime; - st2.valid = ZIP_STAT_SIZE|ZIP_STAT_COMP_SIZE|ZIP_STAT_COMP_METHOD|ZIP_STAT_MTIME; - - if ((src = _zip_source_window_new(srcza->src, offset+start, st2.size, &st2, &za->error)) == NULL) { + st2.valid = ZIP_STAT_SIZE | ZIP_STAT_COMP_SIZE | ZIP_STAT_COMP_METHOD | ZIP_STAT_MTIME; + + if ((src = _zip_source_window_new(srcza->src, start, len, &st2, 0, srcza, srcidx, &za->error)) == NULL) { return NULL; } } else { - if ((src = _zip_source_window_new(srcza->src, offset, st.comp_size, &st, &za->error)) == NULL) { + zip_dirent_t *de; + + if ((de = _zip_get_dirent(srcza, srcidx, flags, &za->error)) == NULL) { + return NULL; + } + if ((src = _zip_source_window_new(srcza->src, 0, st.comp_size, &st, (de->bitflags >> 1) & 3, srcza, srcidx, &za->error)) == NULL) { return NULL; } } - + if (_zip_source_set_source_archive(src, srcza) < 0) { zip_source_free(src); return NULL; } /* creating a layered source calls zip_keep() on the lower layer, so we free it */ - - if (enc_impl) { + + if (needs_decrypt) { + zip_encryption_implementation enc_impl; + + if ((enc_impl = _zip_get_encryption_implementation(st.encryption_method, ZIP_CODEC_DECODE)) == NULL) { + zip_error_set(&za->error, ZIP_ER_ENCRNOTSUPP, 0); + return NULL; + } + s2 = enc_impl(za, src, st.encryption_method, 0, password); zip_source_free(src); if (s2 == NULL) { @@ -145,16 +145,15 @@ _zip_source_zip_new(zip_t *za, zip_t *srcza, zip_uint64_t srcidx, zip_flags_t fl } src = s2; } - if (comp_impl) { - s2 = comp_impl(za, src, st.comp_method, 0); + if (needs_decompress) { + s2 = zip_source_decompress(za, src, st.comp_method); zip_source_free(src); if (s2 == NULL) { return NULL; } src = s2; } - if (((flags & ZIP_FL_COMPRESSED) == 0 || st.comp_method == ZIP_CM_STORE) && (len == 0 || len == st.comp_size)) { - /* when reading the whole file, check for CRC errors */ + if (needs_crc) { s2 = zip_source_crc(za, src, 1); zip_source_free(src); if (s2 == NULL) { @@ -163,8 +162,8 @@ _zip_source_zip_new(zip_t *za, zip_t *srcza, zip_uint64_t srcidx, zip_flags_t fl src = s2; } - if (start+len > 0 && (comp_impl || enc_impl)) { - s2 = zip_source_window(za, src, start, len ? len : st.size-start); + if (partial_data && (needs_decrypt || needs_decompress)) { + s2 = zip_source_window(za, src, start, len); zip_source_free(src); if (s2 == NULL) { return NULL; |