Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8079841

Buffer underflow with empty zip entry names

    XMLWordPrintable

Details

    • Bug
    • Status: Resolved
    • P3
    • Resolution: Fixed
    • 8u25
    • 9
    • core-libs
    • None

    Backports

      Description

        zip_entry.c has a buffer underflow when a zip entry name is 0-length. It unilaterally checks for a slash at the end of the name, and if the name is empty, it checks at offset -1. Fix:


        --- a/src/java.base/share/native/libzip/zip_util.c Thu May 07 10:19:34 2015 -0700
        +++ b/src/java.base/share/native/libzip/zip_util.c Fri May 08 10:52:58 2015 -0700
        @@ -1206,7 +1206,7 @@
                 }
         
                 /* Slash is already there? */
        - if (name[ulen-1] == '/') {
        + if (ulen > 0 && name[ulen - 1] == '/') {
                     break;
                 }

        Attachments

          Issue Links

            Activity

              People

                jmanson Jeremy Manson
                jmanson Jeremy Manson
                Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: