Reject zip archives with entry names containing \0.

There should never be a need of an entry name with \0 character. Bug: 16162465 Change-Id: Ia2ec57959280c1bb972c4d59d890c8540c5b9081
S5-13 · Aug 19, 2014 · 78271ba · 78271ba
1 parent 7fb0ee0
commit 78271ba
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/libziparchive/zip_archive.cc b/libziparchive/zip_archive.cc
@@ -640,9 +640,15 @@ static int32_t ParseZipArchive(ZipArchive* archive) {
     const uint16_t file_name_length = cdr->file_name_length;
     const uint16_t extra_length = cdr->extra_field_length;
     const uint16_t comment_length = cdr->comment_length;
+    const uint8_t* file_name = ptr + sizeof(CentralDirectoryRecord);
+
+    /* check that file name doesn't contain \0 character */
+    if (memchr(file_name, 0, file_name_length) != NULL) {
+      ALOGW("Zip: entry name can't contain \\0 character");
+      goto bail;
+    }
 
     /* add the CDE filename to the hash table */
-    const uint8_t* file_name = ptr + sizeof(CentralDirectoryRecord);
     ZipEntryName entry_name;
     entry_name.name = file_name;
     entry_name.name_length = file_name_length;