|
|
@ -0,0 +1,21 @@ |
|
|
|
--- a/extract.c
|
|
|
|
+++ b/extract.c
|
|
|
|
@@ -1257,8 +1257,17 @@ static int extract_or_test_entrylist(__G
|
|
|
|
if (G.lrec.compression_method == STORED) { |
|
|
|
zusz_t csiz_decrypted = G.lrec.csize; |
|
|
|
|
|
|
|
- if (G.pInfo->encrypted)
|
|
|
|
+ if (G.pInfo->encrypted) {
|
|
|
|
+ if (csiz_decrypted <= 12) {
|
|
|
|
+ /* handle the error now to prevent unsigned overflow */
|
|
|
|
+ Info(slide, 0x401, ((char *)slide,
|
|
|
|
+ LoadFarStringSmall(ErrUnzipNoFile),
|
|
|
|
+ LoadFarString(InvalidComprData),
|
|
|
|
+ LoadFarStringSmall2(Inflate)));
|
|
|
|
+ return PK_ERR;
|
|
|
|
+ }
|
|
|
|
csiz_decrypted -= 12; |
|
|
|
+ }
|
|
|
|
if (G.lrec.ucsize != csiz_decrypted) { |
|
|
|
Info(slide, 0x401, ((char *)slide, |
|
|
|
LoadFarStringSmall2(WrnStorUCSizCSizDiff), |