authorChristophe Grenier <grenier@cgsecurity.org>2020-06-18 19:17:15 +0200
committerChristophe Grenier <grenier@cgsecurity.org>2020-06-18 19:17:15 +0200
commit49cd8dbd9dcc04893c491f14672911e0a7dac824 (patch)
treedaaf9feddfbdfa6a73209f99491a37938906a34c
parent069da2d664d94044350ff78d439b93b3e65b0b47 (diff)
PhotoRec: stricter check for zip files
-rw-r--r--src/file_zip.c15
1 files changed, 9 insertions, 6 deletions
diff --git a/src/file_zip.c b/src/file_zip.c
index f80d461..c80ea59 100644
--- a/src/file_zip.c
+++ b/src/file_zip.c
@@ -83,8 +83,8 @@ struct zip_file_entry {
uint16_t unused1:2; /** Unused */
uint16_t compression; /** Compression method */
- uint16_t last_mod_time; /** Last moditication file time */
- uint16_t last_mod_date; /** Last moditication file date */
+ uint16_t last_mod_time; /** Last modification file time */
+ uint16_t last_mod_date; /** Last modification file date */
uint32_t crc32; /** CRC32 */
uint32_t compressed_size; /** Compressed size */
uint32_t uncompressed_size; /** Uncompressed size */
@@ -989,7 +989,7 @@ static void file_rename_zip(file_recovery_t *file_recovery)
@ ensures (\result == 1) ==> (file_recovery_new->file_stat == \null);
@ ensures (\result == 1) ==> (file_recovery_new->handle == \null);
@ ensures (\result == 1) ==> (file_recovery_new->time == 0);
- @ ensures (\result == 1) ==> (file_recovery_new->min_filesize == 21);
+ @ ensures (\result == 1) ==> (file_recovery_new->min_filesize == 30);
@ ensures (\result == 1) ==> (file_recovery_new->calculated_file_size == 0);
@ ensures (\result == 1) ==> (file_recovery_new->file_size == 0);
@ ensures (\result == 1) ==> (file_recovery_new->data_check == \null);
@@ -1005,6 +1005,10 @@ static int header_check_zip(const unsigned char *buffer, const unsigned int buff
#ifdef DEBUG_ZIP
log_trace("header_check_zip\n");
#endif
+ if(len==0 || len > 4096)
+ return 0;
+ if(le16(file->version) < 10)
+ return 0;
#ifndef MAIN_zip
if(file_recovery->file_stat!=NULL &&
file_recovery->file_stat->file_hint==&file_hint_doc)
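Review bot: The two new guards in header_check_zip use bare thresholds with no comment, and the `len > 4096` cap is a fixed constant rather than a bound derived from `buffer_size`. Because this function parses carved, untrusted data, any later access at `buffer[30+len]` (none is visible in this hunk) still needs its own check against `buffer_size`; the cap alone does not provide one. I would add `/* filename length: reject empty or implausibly long names (heuristic cap, not a buffer bound) */` above the first test and `/* version needed to extract; 1.0 (10) is the lowest value the ZIP spec defines */` above the second. The declarations of `len` and `file` are outside the hunk, so this assumes `len` is the entry's filename length.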
@@ -1023,7 +1027,7 @@ static int header_check_zip(const unsigned char *buffer, const unsigned int buff
return 0;
}
reset_file_recovery(file_recovery_new);
- file_recovery_new->min_filesize=21;
+ file_recovery_new->min_filesize=30; /* 4+sizeof(file) == 30 */
file_recovery_new->file_check=&file_check_zip;
if(len==8 && memcmp(&buffer[30],"mimetype",8)==0)
{
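Review bot: The new comment `/* 4+sizeof(file) == 30 */` is misleading if `file` is the pointer dereferenced as `file->version` earlier in header_check_zip, because `sizeof(file)` would then be the pointer size rather than 26. Something like `/* 4-byte signature + sizeof(struct zip_file_entry) == 30 */` says what is meant. The same literal 30 also appears in the ACSL `ensures` clause, in `&buffer[30]` two lines below, and in the assertion in main(), so a named constant would keep them from drifting apart. The function body starts and ends outside this hunk.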
@@ -1148,7 +1152,6 @@ int main()
{
const char fn[] = "recup_dir.1/f0000000.zip";
unsigned char buffer[BLOCKSIZE];
- int res;
file_recovery_t file_recovery_new;
file_recovery_t file_recovery;
file_stat_t file_stats;
@@ -1181,7 +1184,7 @@ int main()
memcpy(file_recovery_new.filename, fn, sizeof(fn));
file_recovery_new.file_stat=&file_stats;
/*@ assert valid_read_string((char *)file_recovery_new.filename); */
- /*@ assert file_recovery_new.min_filesize == 21; */
+ /*@ assert file_recovery_new.min_filesize == 30; */
/*@ assert file_recovery_new.file_check == &file_check_zip || file_recovery_new.file_check == \null; */
/*@ assert file_recovery_new.file_stat->file_hint!=NULL; */
{