Do not accept zip files with invalid headers.
According to Section 4.3.6 in [1] non-empty zip file starts with
local file header. 4.3.1 allows empty files, and in such case
file starts with "end of central directory record".
This aligns ZipFile with libziparchive modulo empty zip files -
libziparchive rejects them.
Tests are skipped because udc-dev branch uses ART module
prebuilts, but builds tests from sources which leads to presubmit
failures.
Ignore-AOSP-First: b/309938635#comment1
[1] https://pkwaredownloads.blob.core.windows.net/pem/APPNOTE.txt
Bug: 309938635
Test: CtsLibcoreTestCases
Test: CtsLibcoreOjTestCases
(cherry picked from commit c7b495dc8c466de602cd7b78468864acd6b2f9b3)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:4ee0654067678ec7c52582bdef586ff15a525f47)
Merged-In: I545cdd49ec3cc138331145f4716c8148662a478b
Change-Id: I545cdd49ec3cc138331145f4716c8148662a478b
diff --git a/ojluni/src/main/native/zip_util.c b/ojluni/src/main/native/zip_util.c
index 2b63d6b..1c1f45b 100644
--- a/ojluni/src/main/native/zip_util.c
+++ b/ojluni/src/main/native/zip_util.c
@@ -958,6 +958,17 @@
// Assumption, zfd refers to start of file. Trivially, reuse errbuf.
if (readFullyAt(zfd, errbuf, 4, 0 /* offset */) != -1) { // errors will be handled later
zip->locsig = LOCSIG_AT(errbuf) ? JNI_TRUE : JNI_FALSE;
+
+ // BEGIN Android-changed: do not accept files with invalid header.
+ if (!LOCSIG_AT(errbuf) && !ENDSIG_AT(errbuf)) {
+ if (pmsg) {
+ *pmsg = strdup("Entry at offset zero has invalid LFH signature.");
+ }
+ ZFILE_Close(zfd);
+ freeZip(zip);
+ return NULL;
+ }
+ // END Android-changed: do not accept files with invalid header.
}
// This lseek is safe because it happens during construction of the ZipFile