diff --git a/SSZipArchive/minizip/unzip.c b/SSZipArchive/minizip/unzip.c
index 4b8eabc..35aaf88 100755
--- a/SSZipArchive/minizip/unzip.c
+++ b/SSZipArchive/minizip/unzip.c
@@ -1190,7 +1190,8 @@ extern int ZEXPORT unzOpenCurrentFile3(unzFile file, int *method, int *level, in
 return UNZ_INTERNALERROR;
 #ifdef HAVE_AES
 if (s->cur_file_info.compression_method == AES_METHOD) {
- unsigned char passverify[AES_PWVERIFYSIZE];
+ unsigned char passverify_archive[AES_PWVERIFYSIZE];
+ unsigned char passverify_password[AES_PWVERIFYSIZE];
 unsigned char saltvalue[AES_MAXSALTLENGTH];
 uInt saltlength;
@@ -1202,11 +1203,14 @@ extern int ZEXPORT unzOpenCurrentFile3(unzFile file, int *method, int *level, in
 if (ZREAD64(s->z_filefunc, s->filestream, saltvalue, saltlength) != saltlength)
 return UNZ_INTERNALERROR;
- if (ZREAD64(s->z_filefunc, s->filestream, passverify, AES_PWVERIFYSIZE) != AES_PWVERIFYSIZE)
+ if (ZREAD64(s->z_filefunc, s->filestream, passverify_archive, AES_PWVERIFYSIZE) != AES_PWVERIFYSIZE)
 return UNZ_INTERNALERROR;
- fcrypt_init((int)s->cur_file_info_internal.aes_encryption_mode, (unsigned char *)password, (unsigned int)strlen(password), saltvalue,
- passverify, &s->pfile_in_zip_read->aes_ctx);
+ fcrypt_init(s->cur_file_info_internal.aes_encryption_mode, password, strlen(password), saltvalue,
+ passverify_password, &s->pfile_in_zip_read->aes_ctx);
+
+ if (memcmp(passverify_archive, passverify_password, AES_PWVERIFYSIZE) != 0)
+ return UNZ_BADPASSWORD;
 pfile_in_zip_read_info->rest_read_compressed -= saltlength + AES_PWVERIFYSIZE;
 pfile_in_zip_read_info->rest_read_compressed -= AES_AUTHCODESIZE;
diff --git a/SSZipArchive/minizip/unzip.h b/SSZipArchive/minizip/unzip.h
index 7b614ff..d6954d3 100755
--- a/SSZipArchive/minizip/unzip.h
+++ b/SSZipArchive/minizip/unzip.h
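Review bot: In the second unzip.c hunk the result of `fcrypt_init` is discarded, so the new `memcmp` can run on a `passverify_password` buffer that was never written. The buffer is declared without an initializer in the first hunk, and if `fcrypt_init` can return early on an unsupported mode or an over-long password (its definition is not in this diff, so this should be confirmed), the comparison reads indeterminate bytes and the AES context is left unset. Checking the call, e.g. `if (fcrypt_init(...) != 0) return UNZ_PARAMERROR;` with the arguments unchanged and assuming zero means success, keeps the verifier check meaningful. The dropped casts also leave `strlen(password)` narrowed implicitly and `password` passed without a sign cast, which may warn depending on the prototype. `unzOpenCurrentFile3` starts and ends outside these hunks.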
@@ -57,6 +57,7 @@ typedef voidp unzFile;
 #define UNZ_BADZIPFILE (-103)
 #define UNZ_INTERNALERROR (-104)
 #define UNZ_CRCERROR (-105)
+#define UNZ_BADPASSWORD (-106)
 /***************************************************************************/
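Review bot: `UNZ_BADPASSWORD` is added without a comment, and callers could read its absence as proof that the password is correct. The value it reports on is the short AES password verifier (`AES_PWVERIFYSIZE` bytes, two in the WinZip AES format if this build follows it), so a wrong password can still pass by chance and the entry is only authenticated by the trailing auth code. A comment such as `/* AES password verifier mismatch; a match is only a quick check, not authentication */` above the define would make that explicit.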