From 52c4cf90dca282840154eca035c4d469ec280e4e Mon Sep 17 00:00:00 2001 From: zhu-yiming021 Date: Mon, 23 Oct 2023 04:40:10 -0400 Subject: [PATCH] fix cve-2023-45853 Signed-off-by: zhu-yiming021 --- zlib/BUILD.gn | 1 + zlib/contrib/minizip/zip.c | 11 +++++++++++ zlib/contrib/tests/DEPS | 1 + 3 files changed, 13 insertions(+) diff --git a/zlib/BUILD.gn b/zlib/BUILD.gn index ce35b6db2..8a5a94e14 100644 --- a/zlib/BUILD.gn +++ b/zlib/BUILD.gn @@ -491,6 +491,7 @@ if (build_with_chromium) { data = [ "google/test/data/" ] deps = [ + ":minizip", ":zlib", "google:compression_utils", "google:zip", diff --git a/zlib/contrib/minizip/zip.c b/zlib/contrib/minizip/zip.c index 65c0c7251..23b007324 100644 --- a/zlib/contrib/minizip/zip.c +++ b/zlib/contrib/minizip/zip.c @@ -1083,6 +1083,17 @@ extern int ZEXPORT zipOpenNewFileInZip4_64 (zipFile file, const char* filename, return ZIP_PARAMERROR; #endif + // The filename and comment length must fit in 16 bits + if ((filename!=NULL) && (strlen(filename)>0xffff)) + return ZIP_PARAMERROR; + if ((comment!=NULL) && (strlen(comment)>0xffff)) + return ZIP_PARAMERROR; + // The extra field length must fit in 16 bits. If the member also requires + // a Zip64 extra block, that will also need to fit within that 16-bit + // length, but that will be checked for later. + if ((size_extrafield_local>0xffff) || (size_extrafield_global>0xffff)) + return ZIP_PARAMERROR; + zi = (zip64_internal*)file; if (zi->in_opened_file_inzip == 1) diff --git a/zlib/contrib/tests/DEPS b/zlib/contrib/tests/DEPS index 427517406..98e030561 100644 --- a/zlib/contrib/tests/DEPS +++ b/zlib/contrib/tests/DEPS @@ -1,4 +1,5 @@ include_rules = [ "+testing/gtest", + "+thrid_party/zlib/contrib/minizip", "+base", ] -- Gitee
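Review bot: No test source accompanies the new `":minizip"` entry in `deps`: the diffstat lists only `zlib/BUILD.gn`, `zlib/contrib/minizip/zip.c` and `zlib/contrib/tests/DEPS`. The target looks like a test target (it carries `data = [ "google/test/data/" ]`), so the dependency and the new DEPS rule appear to be wiring for a regression test that is not part of this commit. A test that calls `zipOpenNewFileInZip4_64` with a filename, a comment and extra-field sizes just above `0xffff` and expects `ZIP_PARAMERROR` would pin the fix. The target's name and its `sources` list are outside this hunk, so the exact target cannot be confirmed from here.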
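Review bot: The comment on the extra-field check defers the Zip64 case with "that will be checked for later", but that later check is outside this hunk. The patch alone therefore does not show that `size_extrafield_global` plus the Zip64 extra block is kept within the 16-bit length field in this vendored copy. Because this is a backport of a CVE fix, it is worth confirming the downstream check exists in this tree and naming its location in the comment. The comments could also say why 16 bits is the limit: the ZIP header stores these lengths in 2-byte fields, so a longer input makes the recorded length disagree with the bytes written. The body of `zipOpenNewFileInZip4_64` starts before and continues after the hunk.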
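Review bot: The added include rule is spelled `"+thrid_party/zlib/contrib/minizip"`, which looks like a typo for `third_party`. As written, the rule would not match headers under `third_party/zlib/contrib/minizip`, so the include it is meant to allow would presumably still be rejected by the dependency check. The line should read `"+third_party/zlib/contrib/minizip",`.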