diff options
author | Russ Cox <rsc@golang.org> | 2016-02-01 22:02:52 -0500 |
---|---|---|
committer | Russ Cox <rsc@golang.org> | 2016-02-02 16:36:59 +0000 |
commit | b6c5edae7c0e9dd6d12dbb8f1c9638dea45f9464 (patch) | |
tree | abf6fe0c3e48ef57f486b23d6bd001a7076d897e /src/archive/zip/reader.go | |
parent | 8de7563acd813e742bcf7db0a6ab19203dbf6b28 (diff) | |
download | go-b6c5edae7c0e9dd6d12dbb8f1c9638dea45f9464.tar.gz go-b6c5edae7c0e9dd6d12dbb8f1c9638dea45f9464.zip |
archive/zip: handle pre-zip64 zip files containing 2³²-1-byte content
This corrects a regression from Go 1.5 introduced by CL 18317.
Fixes #14185.
Change-Id: Ic3215714846d9f28809cd04e3eb3664b599244f4
Reviewed-on: https://go-review.googlesource.com/19151
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Diffstat (limited to 'src/archive/zip/reader.go')
-rw-r--r-- | src/archive/zip/reader.go | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/src/archive/zip/reader.go b/src/archive/zip/reader.go index 84a9d41888..10e8172875 100644 --- a/src/archive/zip/reader.go +++ b/src/archive/zip/reader.go @@ -330,7 +330,17 @@ func readDirectoryHeader(f *File, r io.Reader) error { } } - if needUSize || needCSize || needHeaderOffset { + // Assume that uncompressed size 2³²-1 could plausibly happen in + // an old zip32 file that was sharding inputs into the largest chunks + // possible (or is just malicious; search the web for 42.zip). + // If needUSize is true still, it means we didn't see a zip64 extension. + // As long as the compressed size is not also 2³²-1 (implausible) + // and the header is not also 2³²-1 (equally implausible), + // accept the uncompressed size 2³²-1 as valid. + // If nothing else, this keeps archive/zip working with 42.zip. + _ = needUSize + + if needCSize || needHeaderOffset { return ErrFormat } |