public/ZipArchive
8
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #213 from AlexUnique/master

Browse Source 
Mitigate potential memory-allocation related flaws
This commit is contained in:
Joshua Hudson
2015-12-02 13:07:31 -08:00
parent 644dedb048 e97354433e
commit 9d277af7e9
2 changed files with 16 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
SSZipArchive/SSZipArchive.m
+11 -2
View File
@@ -177,6 +177,11 @@
}
char *filename = (char *)malloc(fileInfo.size_filename + 1);
if (filename == NULL)
{
return NO;
}
unzGetCurrentFileInfo(zip, &fileInfo, filename, fileInfo.size_filename + 1, NULL, 0, NULL, 0);
filename[fileInfo.size_filename] = '\0';
@@ -596,9 +601,13 @@
}
}
zipOpenNewFileInZip3(_zip, afileName, &zipInfo, NULL, 0, NULL, 0, NULL, Z_DEFLATED, Z_DEFAULT_COMPRESSION, 0, -MAX_WBITS, DEF_MEM_LEVEL, Z_DEFAULT_STRATEGY, [password UTF8String], 0);
void *buffer = malloc(CHUNK);
if (buffer == NULL)
{
return NO;
}
zipOpenNewFileInZip3(_zip, afileName, &zipInfo, NULL, 0, NULL, 0, NULL, Z_DEFLATED, Z_DEFAULT_COMPRESSION, 0, -MAX_WBITS, DEF_MEM_LEVEL, Z_DEFAULT_STRATEGY, [password UTF8String], 0);
unsigned int len = 0;
while (!feof(input))
SSZipArchive/minizip/zip.c
+5
View File
@@ -828,6 +828,8 @@ extern zipFile ZEXPORT zipOpen4(const void *pathname, int append, ZPOS64_T disk_
size_central_dir_to_read = size_central_dir;
buf_size = SIZEDATA_INDATABLOCK;
buf_read = (void *)ALLOC(buf_size);
if (buf_read == NULL)
err = ZIP_INTERNALERROR;
if (ZSEEK64(ziinit.z_filefunc, ziinit.filestream,
offset_central_dir + byte_before_the_zipfile, ZLIB_FILEFUNC_SEEK_SET) != 0)
@@ -1031,6 +1033,9 @@ extern int ZEXPORT zipOpenNewFileInZip4_64(zipFile file, const char *filename, c
zi->ci.size_centralextrafree += 11; /* Extra space reserved for AES extra info */
#endif
zi->ci.central_header = (char *)ALLOC((uInt)zi->ci.size_centralheader + zi->ci.size_centralextrafree + size_comment);
if (zi->ci.central_header == NULL)
return ZIP_INTERNALERROR;
zi->ci.number_disk = zi->number_disk;
/* Write central directory header */