diff options
| -rw-r--r-- | ojluni/src/main/native/zip_util.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/ojluni/src/main/native/zip_util.c b/ojluni/src/main/native/zip_util.c index aa9c5cede9..16951a78ed 100644 --- a/ojluni/src/main/native/zip_util.c +++ b/ojluni/src/main/native/zip_util.c @@ -878,6 +878,17 @@ ZIP_Put_In_Cache0(const char *name, ZFILE zfd, char **pmsg, jlong lastModified, zip->locsig = JNI_TRUE; else zip->locsig = JNI_FALSE; + + // BEGIN Android-changed: do not accept files with invalid header. + if (GETSIG(errbuf) != LOCSIG && GETSIG(errbuf) != ENDSIG) { + if (pmsg) { + *pmsg = strdup("Entry at offset zero has invalid LFH signature."); + } + ZFILE_Close(zfd); + freeZip(zip); + return NULL; + } + // END Android-changed: do not accept files with invalid header. } // This lseek is safe because it happens during construction of the ZipFile |