Reject overflows of zip header fields in minizip compat

This checks the lengths of the file name, and comment that would be put in the zip headers, and rejects them if they are too long. They are each limited to 65535 bytes in length by the zip format. This also avoids possible buffer overflows if the provided fields are too long. See #736.
2025-03-28 21:13:18 +00:00 · 2023-08-18 11:05:33 +02:00 · 2023-08-18 11:05:33 +02:00 · 2c2d6e5940
commit 2c2d6e5940
parent ef3ef9a4b8
1 changed files with 6 additions and 0 deletions
--- a/mz_compat.c
+++ b/mz_compat.c
@ -463,6 +463,12 @@ int zipOpenNewFileInZip5(zipFile file, const char *filename, const zip_fileinfo
    if (!compat)
        return ZIP_PARAMERROR;

+    // The filename and comment length must fit in 16 bits.
+    if (filename && strlen(filename) > 0xffff)
+        return ZIP_PARAMERROR;
+    if (comment && strlen(comment) > 0xffff)
+        return ZIP_PARAMERROR;
+
    memset(&file_info, 0, sizeof(file_info));

    if (zipfi) {