diff options
author | wtc%google.com <devnull@localhost> | 2008-09-05 23:14:24 +0000 |
---|---|---|
committer | wtc%google.com <devnull@localhost> | 2008-09-05 23:14:24 +0000 |
commit | 161af87ece430a6f811e7eef36cdc6f166d15e17 (patch) | |
tree | 13e6fcd370d778ba41168b1e2346a7c71c1a84bf /security/nss | |
parent | 3acecf635ba326e42d4441e23a15bd25d3a63042 (diff) | |
download | nss-hg-161af87ece430a6f811e7eef36cdc6f166d15e17.tar.gz |
Bug 302670: add an extra dummy byte at the end to support zlib 1.1.4.
r=nelson.
Diffstat (limited to 'security/nss')
-rw-r--r-- | security/nss/lib/jar/jarfile.c | 22 |
1 files changed, 15 insertions, 7 deletions
diff --git a/security/nss/lib/jar/jarfile.c b/security/nss/lib/jar/jarfile.c index fc3ed2ae9..9ba5902e6 100644 --- a/security/nss/lib/jar/jarfile.c +++ b/security/nss/lib/jar/jarfile.c @@ -360,7 +360,8 @@ static int jar_physical_inflate unsigned long prev_total, ochunk, tin; - if ((inbuf = (char *) PORT_ZAlloc (ICHUNK)) == NULL) + /* Raw inflate in zlib 1.1.4 needs an extra dummy byte at the end */ + if ((inbuf = (char *) PORT_ZAlloc (ICHUNK + 1)) == NULL) return JAR_ERR_MEMORY; if ((outbuf = (char *) PORT_ZAlloc (OCHUNK)) == NULL) @@ -400,6 +401,12 @@ static int jar_physical_inflate at += chunk; + if (at == length) + { + /* add an extra dummy byte at the end */ + inbuf[chunk++] = 0xDD; + } + zs.next_in = (Bytef *) inbuf; zs.avail_in = chunk; zs.avail_out = OCHUNK; @@ -676,17 +683,16 @@ static int jar_extract_mf (JAR *jar, jarArch format, JAR_FILE fp, char *ext) continue; } - if (phy->length == 0) + if (phy->length == 0 || phy->length > 0xFFFF) { - /* manifest files cannot be zero length! */ + /* manifest files cannot be zero length or too big! */ + /* the 0xFFFF limit is per J2SE SDK */ return JAR_ERR_CORRUPT; } /* Read in the manifest and parse it */ - /* limit is per J2SE SDK */ - if (phy->length <= 0xFFFF) { - manifest = (char ZHUGEP *) PORT_ZAlloc (phy->length + 1); - } + /* Raw inflate in zlib 1.1.4 needs an extra dummy byte at the end */ + manifest = (char ZHUGEP *) PORT_ZAlloc (phy->length + 1); if (manifest) { JAR_FSEEK (fp, phy->offset, (PRSeekWhence)0); @@ -702,6 +708,8 @@ static int jar_extract_mf (JAR *jar, jarArch format, JAR_FILE fp, char *ext) if (phy->compression == 8) { length = phy->length; + /* add an extra dummy byte at the end */ + manifest[length++] = 0xDD; status = jar_inflate_memory ((unsigned int) phy->compression, &length, phy->uncompressed_length, &manifest); |