Added bad password detection for AES from minizip master

Felix Ritter
2016-11-05 15:19:45 +01:00
parent 46ebe69295
commit df48275b02
2 changed files with 9 additions and 4 deletions
+8 -4
@@ -1190,7 +1190,8 @@ extern int ZEXPORT unzOpenCurrentFile3(unzFile file, int *method, int *level, in
return UNZ_INTERNALERROR;
#ifdef HAVE_AES
if (s->cur_file_info.compression_method == AES_METHOD) {
unsigned char passverify[AES_PWVERIFYSIZE];
unsigned char passverify_archive[AES_PWVERIFYSIZE];
unsigned char passverify_password[AES_PWVERIFYSIZE];
unsigned char saltvalue[AES_MAXSALTLENGTH];
uInt saltlength;
@@ -1202,11 +1203,14 @@ extern int ZEXPORT unzOpenCurrentFile3(unzFile file, int *method, int *level, in
if (ZREAD64(s->z_filefunc, s->filestream, saltvalue, saltlength) != saltlength)
return UNZ_INTERNALERROR;
if (ZREAD64(s->z_filefunc, s->filestream, passverify, AES_PWVERIFYSIZE) != AES_PWVERIFYSIZE)
if (ZREAD64(s->z_filefunc, s->filestream, passverify_archive, AES_PWVERIFYSIZE) != AES_PWVERIFYSIZE)
return UNZ_INTERNALERROR;
fcrypt_init((int)s->cur_file_info_internal.aes_encryption_mode, (unsigned char *)password, (unsigned int)strlen(password), saltvalue,
passverify, &s->pfile_in_zip_read->aes_ctx);
fcrypt_init(s->cur_file_info_internal.aes_encryption_mode, password, strlen(password), saltvalue,
passverify_password, &s->pfile_in_zip_read->aes_ctx);
if (memcmp(passverify_archive, passverify_password, AES_PWVERIFYSIZE) != 0)
return UNZ_BADPASSWORD;
pfile_in_zip_read_info->rest_read_compressed -= saltlength + AES_PWVERIFYSIZE;
pfile_in_zip_read_info->rest_read_compressed -= AES_AUTHCODESIZE;
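Review bot: The new `return UNZ_BADPASSWORD;` leaves the function after `fcrypt_init` has already filled `s->pfile_in_zip_read->aes_ctx` with key material derived from the supplied password, and nothing in the hunk clears that context or the `passverify_password` buffer on this path. The following lines show `pfile_in_zip_read_info` already in use, so it is worth confirming that whatever was set up before this point is released when the open fails; the function starts and ends outside the hunk, so that cleanup may exist elsewhere. Separately, the value compared is only `AES_PWVERIFYSIZE` bytes (presumably the two-byte WinZip AES verifier), so a match rejects most wrong passwords early but does not prove the password is right. I would add a comment above the `memcmp` such as `/* Early reject only: a match does not authenticate the password; the AES authentication code must still be checked. */`.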