LISTSERV 16.5 - XROOTD-DEV Archives

Check the EOCD length against the actual buffer size to detect corruption in the EOCD and to avoid reading over the end of the file. Default argument is still zero to allow for compatibility.
In the XrdClZipArchive's OpenArchive method, the call to the EOCD constructor catches the bad_data error.
Additionally added a check of the "cdOffset" and "cdSize" attributes of the EOCD object against the archive size.
In case of failure, the OpenArchive operation is stopped and returns an error status.

You can view, comment on, or merge this pull request online at:

https://github.com/xrootd/xrootd/pull/1744

Commit Summary

4bb48b7 Added a maxSize of the EOCD constructor to detect corruption in the EOCD and to avoid reading over end of file

File Changes

(2 files)

M src/XrdCl/XrdClZipArchive.cc (9)
M src/XrdZip/XrdZipEOCD.hh (3)

Patch Links:

—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you are subscribed to this thread.

[ { "@context": "http://schema.org", "@type": "EmailMessage", "potentialAction": { "@type": "ViewAction", "target": "https://github.com/xrootd/xrootd/pull/1744", "url": "https://github.com/xrootd/xrootd/pull/1744", "name": "View Pull Request" }, "description": "View this Pull Request on GitHub", "publisher": { "@type": "Organization", "name": "GitHub", "url": "https://github.com" } } ]

Use REPLY-ALL to reply to list

To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1