Check the EOCD length against the actual buffer size to detect corruption in the EOCD and to avoid reading over the end of the file. Default argument is still zero to allow for compatibility.
In the XrdClZipArchive's OpenArchive method, the call to the EOCD constructor catches the bad_data error.
Additionally added a check of the "cdOffset" and "cdSize" attributes of the EOCD object against the archive size.
In case of failure, the OpenArchive operation is stopped and returns an error status.
https://github.com/xrootd/xrootd/pull/1744
(2 files)
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you are subscribed to this thread.
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1