archive/zip: handle pre-zip64 zip files containing 2³²-1-byte content

This corrects a regression from Go 1.5 introduced by CL 18317.

Fixes #14185.

Change-Id: Ic3215714846d9f28809cd04e3eb3664b599244f4
Reviewed-on: https://go-review.googlesource.com/19151
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>

1 files changed, 11 insertions, 1 deletions

diff --git a/src/archive/zip/reader.go b/src/archive/zip/reader.go
index 84a9d41888..10e8172875 100644
--- a/src/archive/zip/reader.go
+++ b/src/archive/zip/reader.go
@@ -330,7 +330,17 @@ func readDirectoryHeader(f *File, r io.Reader) error {
 		}
 	}
 
-	if needUSize || needCSize || needHeaderOffset {
+	// Assume that uncompressed size 2³²-1 could plausibly happen in
+	// an old zip32 file that was sharding inputs into the largest chunks
+	// possible (or is just malicious; search the web for 42.zip).
+	// If needUSize is true still, it means we didn't see a zip64 extension.
+	// As long as the compressed size is not also 2³²-1 (implausible)
+	// and the header is not also 2³²-1 (equally implausible),
+	// accept the uncompressed size 2³²-1 as valid.
+	// If nothing else, this keeps archive/zip working with 42.zip.
+	_ = needUSize
+
+	if needCSize || needHeaderOffset {
 		return ErrFormat
 	}