Skip to content

Commit d3f5d7b

Browse files
5saviahv5saviahv
authored
Merge pull request #483 from criyle/disk_entries
zipFile: add check for invalid large disk entries
2 parents 3b154d2 + 502bebb commit d3f5d7b

File tree

4 files changed

+21
-0
lines changed

4 files changed

+21
-0
lines changed

test/assets/large_directory_size.zip

86 Bytes
Binary file not shown.

test/large_directory_size/large_directory_size.test.js

Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,17 @@
1+
"use strict";
2+
3+
const assert = require("assert");
4+
const path = require("path");
5+
const Zip = require("../../adm-zip");
6+
7+
describe("read zip file header with invalid large number of entries", () => {
8+
it("throws too large error", () => {
9+
// this zip file reports 2147483648 disk entry count which is impossible
10+
const zip = new Zip(path.join(__dirname, "../assets/large_directory_size.zip"));
11+
// assert that the following call throws an exception
12+
assert.throws(() => {
13+
zip.getEntries();
14+
}, new Error("Number of disk entries is too large"));
15+
});
16+
});
17+

util/errors.js

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -25,6 +25,7 @@ module.exports = {
2525
/* ADM-ZIP error messages */
2626
CANT_EXTRACT_FILE: "Could not extract the file",
2727
CANT_OVERRIDE: "Target file already exists",
28+
DISK_ENTRY_TOO_LARGE: "Number of disk entries is too large",
2829
NO_ZIP: "No zip file was loaded",
2930
NO_ENTRY: "Entry doesn't exist",
3031
DIRECTORY_CONTENT_ERROR: "A directory cannot have content",

zipFile.js

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -43,6 +43,9 @@ module.exports = function (/*Buffer|null*/ inBuffer, /** object */ options) {
4343
function readEntries() {
4444
loadedEntries = true;
4545
entryTable = {};
46+
if (mainHeader.diskEntries > (inBuffer.length - mainHeader.offset) / Utils.Constants.CENHDR) {
47+
throw new Error(Utils.Errors.DISK_ENTRY_TOO_LARGE);
48+
}
4649
entryList = new Array(mainHeader.diskEntries); // total number of entries
4750
var index = mainHeader.offset; // offset of first CEN header
4851
for (var i = 0; i < entryList.length; i++) {

0 commit comments

Comments
 (0)