8341625: Improve ZipFile validation of the END header #21384
Conversation
|
👋 Welcome back eirbjo! A progress list of the required criteria for merging this PR into |
|
@eirbjo This change now passes all automated pre-integration checks. ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details. After integration, the commit message for the final commit will be: You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed. At the time when this comment was updated there had been 122 new commits pushed to the
As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details. ➡️ To integrate this PR with the above commit message to the |
Webrevs
|
| * 000274 clen 0 | ||
| */ | ||
|
|
||
| byte[] zipBytes = HexFormat.of().parseHex(""" |
There was a problem hiding this comment.
It might be beneficial to future readers to provide the steps used to create the hex string in the format you have provided.
There was a problem hiding this comment.
It might be beneficial to future readers to provide the steps used to create the hex string in the format you have provided.
The test vector was crafted using a ZIP test library not available in OpenJDK.
I have replaced that with a test vector which is easily reproduced using InfoZIP. Take a look at the updated test.
openjdk
bot
removed
ready
|
I figured it would make sense to also reject "negative" values. These are not actually negative, just values larger than See the 11a275d for the conversion to JUnit 5 and 0f0801c which makes the test parameterized to verify that a bunch of bad entry count values are rejected. |
No harm, with the extra validation IMHO |
|
/integrate |
|
Going to push as commit 950e3a7.
Your commit was automatically rebased without conflicts. |
openjdk
bot
removed
ready
2 participants
Please review this PR which adds validation of the 'total entries' value when fetched from the 'ZIP64 End of Central Directory' header.
We should reject this value under the following conditions:
int[] entriesarray safely (max value isArraysSupport.SOFT_MAX_ARRAY_LENGTH / 3)I claim that condition 2 here is already implicitly validated by the current maximum CEN size validation. (A CEN encoding such a large number of entries would exceed the maximum CEN size a lot and would already be rejected)
This change aims to protect the integrity of the implementation against specially crafted ZIP files. No sane ZIP tool will produce such files.
Testing:
This PR adds a test
EndOfCenValidation.shouldRejectBadTotalEntrieswhich exercises the first condition above.ZIP tests run locally. GHA results pending.
Progress
Issue
Reviewers
Reviewing
Using
gitCheckout this PR locally:
$ git fetch https://git.openjdk.org/jdk.git pull/21384/head:pull/21384$ git checkout pull/21384Update a local copy of the PR:
$ git checkout pull/21384$ git pull https://git.openjdk.org/jdk.git pull/21384/headUsing Skara CLI tools
Checkout this PR locally:
$ git pr checkout 21384View PR using the GUI difftool:
$ git pr show -t 21384Using diff file
Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/21384.diff
Webrev
Link to Webrev Comment