2 https://git.busybox.net/busybox/commit/?id=0ccf52a9fb9fa2f76eacbb6f1ef8419220557a40
4 https://bugs.busybox.net/show_bug.cgi?id=8821
6 diff --git a/archival/unzip.c b/archival/unzip.c
7 index f41ab6f..b0a6ca8 100644
12 #include "bb_archive.h"
15 +# define dbg(...) bb_error_msg(__VA_ARGS__)
17 +# define dbg(...) ((void)0)
22 ZIP_FILEHEADER_MAGIC = 0x504b0304,
23 @@ -193,15 +199,17 @@ static uint32_t find_cdf_offset(void)
26 unsigned char *buf = xzalloc(PEEK_FROM_END);
29 end = xlseek(zip_fd, 0, SEEK_END);
33 - xlseek(zip_fd, end, SEEK_SET);
34 + dbg("Looking for cdf_offset starting from 0x%"OFF_FMT"x", end);
35 + xlseek(zip_fd, end, SEEK_SET);
36 full_read(zip_fd, buf, PEEK_FROM_END);
38 - cde_header.formatted.cdf_offset = BAD_CDF_OFFSET;
39 + found = BAD_CDF_OFFSET;
41 while (p <= buf + PEEK_FROM_END - CDE_HEADER_LEN - 4) {
43 @@ -220,14 +228,25 @@ static uint32_t find_cdf_offset(void)
45 * I've seen .ZIP files with seemingly valid CDEs
46 * where cdf_offset points past EOF - ??
48 + * This check ignores such CDEs:
50 - if (cde_header.formatted.cdf_offset < end + (p - buf))
52 - cde_header.formatted.cdf_offset = BAD_CDF_OFFSET;
53 + if (cde_header.formatted.cdf_offset < end + (p - buf)) {
54 + found = cde_header.formatted.cdf_offset;
55 + dbg("Possible cdf_offset:0x%x at 0x%"OFF_FMT"x",
56 + (unsigned)found, end + (p-3 - buf));
57 + dbg(" cdf_offset+cdf_size:0x%x",
58 + (unsigned)(found + SWAP_LE32(cde_header.formatted.cdf_size)));
60 + * We do not "break" here because only the last CDE is valid.
61 + * I've seen a .zip archive which contained a .zip file,
62 + * uncompressed, and taking the first CDE was using
63 + * the CDE inside that file!
68 - return cde_header.formatted.cdf_offset;
69 + dbg("Found cdf_offset:0x%x", (unsigned)found);
73 static uint32_t read_next_cdf(uint32_t cdf_offset, cdf_header_t *cdf_ptr)
74 @@ -240,9 +259,13 @@ static uint32_t read_next_cdf(uint32_t cdf_offset, cdf_header_t *cdf_ptr)
75 cdf_offset = find_cdf_offset();
77 if (cdf_offset != BAD_CDF_OFFSET) {
78 + dbg("Reading CDF at 0x%x", (unsigned)cdf_offset);
79 xlseek(zip_fd, cdf_offset + 4, SEEK_SET);
80 xread(zip_fd, cdf_ptr->raw, CDF_HEADER_LEN);
81 FIX_ENDIANNESS_CDF(*cdf_ptr);
82 + dbg("file_name_length:%u", (unsigned)cdf_ptr->formatted.file_name_length);
83 + dbg("extra_field_length:%u", (unsigned)cdf_ptr->formatted.extra_field_length);
84 + dbg("file_comment_length:%u", (unsigned)cdf_ptr->formatted.file_comment_length);
85 cdf_offset += 4 + CDF_HEADER_LEN
86 + cdf_ptr->formatted.file_name_length
87 + cdf_ptr->formatted.extra_field_length
88 @@ -532,11 +555,14 @@ int unzip_main(int argc, char **argv)
89 /* Check magic number */
90 xread(zip_fd, &magic, 4);
91 /* Central directory? It's at the end, so exit */
92 - if (magic == ZIP_CDF_MAGIC)
93 + if (magic == ZIP_CDF_MAGIC) {
94 + dbg("got ZIP_CDF_MAGIC");
98 /* Data descriptor? It was a streaming file, go on */
99 if (magic == ZIP_DD_MAGIC) {
100 + dbg("got ZIP_DD_MAGIC");
101 /* skip over duplicate crc32, cmpsize and ucmpsize */
104 @@ -544,6 +570,7 @@ int unzip_main(int argc, char **argv)
106 if (magic != ZIP_FILEHEADER_MAGIC)
107 bb_error_msg_and_die("invalid zip magic %08X", (int)magic);
108 + dbg("got ZIP_FILEHEADER_MAGIC");
110 /* Read the file header */
111 xread(zip_fd, zip_header.raw, ZIP_HEADER_LEN);