am 8fd1f27e: Merge "Reject zip archives with entry names containing \0."

* commit '8fd1f27ed866169684f44f24aeaa5c4722427d18':
  Reject zip archives with entry names containing \0.

1 files changed, 7 insertions, 1 deletions

diff --git a/libziparchive/zip_archive.cc b/libziparchive/zip_archive.cc
index 5f9dc8d..d5d4700 100644
--- a/libziparchive/zip_archive.cc
+++ b/libziparchive/zip_archive.cc
@@ -640,9 +640,15 @@ static int32_t ParseZipArchive(ZipArchive* archive) {
     const uint16_t file_name_length = cdr->file_name_length;
     const uint16_t extra_length = cdr->extra_field_length;
     const uint16_t comment_length = cdr->comment_length;
+    const uint8_t* file_name = ptr + sizeof(CentralDirectoryRecord);
+
+    /* check that file name doesn't contain \0 character */
+    if (memchr(file_name, 0, file_name_length) != NULL) {
+      ALOGW("Zip: entry name can't contain \\0 character");
+      goto bail;
+    }
 
     /* add the CDE filename to the hash table */
-    const uint8_t* file_name = ptr + sizeof(CentralDirectoryRecord);
     ZipEntryName entry_name;
     entry_name.name = file_name;
     entry_name.name_length = file_name_length;