* lib/zip_source_*: Verify user-supplied data. --HG-- branch : HEAD
diff --git a/lib/zip_source_data.c b/lib/zip_source_data.c index 2ed3669..56bf512 100644 --- a/lib/zip_source_data.c +++ b/lib/zip_source_data.c
@@ -1,5 +1,5 @@ /* - $NiH: zip_source_data.c,v 1.17 2004/11/17 21:55:13 wiz Exp $ + $NiH: zip_source_data.c,v 1.1 2004/11/18 15:06:23 wiz Exp $ zip_source_data.c -- create zip data source from buffer Copyright (C) 1999, 2003, 2004 Dieter Baron and Thomas Klausner @@ -58,6 +58,9 @@ struct read_data *f; struct zip_source *zs; + if (za == NULL) + return NULL; + if (len < 0 || (data == NULL && len > 0)) { _zip_error_set(&za->error, ZIP_ER_INVAL, 0); return NULL;
diff --git a/lib/zip_source_file.c b/lib/zip_source_file.c index 52b86bb..8715625 100644 --- a/lib/zip_source_file.c +++ b/lib/zip_source_file.c
@@ -1,5 +1,5 @@ /* - $NiH: zip_source_file.c,v 1.14 2004/11/17 21:55:13 wiz Exp $ + $NiH: zip_source_file.c,v 1.1 2004/11/18 15:06:23 wiz Exp $ zip_source_file.c -- create data source from file Copyright (C) 1999, 2003, 2004 Dieter Baron and Thomas Klausner @@ -49,6 +49,14 @@ struct zip_source *zs; FILE *fp; + if (za == NULL) + return NULL; + + if (fname == NULL || start < 0 || len < -1) { + _zip_error_set(&za->error, ZIP_ER_INVAL, 0); + return NULL; + } + if ((fp=fopen(fname, "rb")) == NULL) { _zip_error_set(&za->error, ZIP_ER_OPEN, errno); return NULL;
diff --git a/lib/zip_source_filep.c b/lib/zip_source_filep.c index 8ebfb3a..71d03b9 100644 --- a/lib/zip_source_filep.c +++ b/lib/zip_source_filep.c
@@ -1,5 +1,5 @@ /* - $NiH: zip_source_filep.c,v 1.12 2004/11/17 21:55:13 wiz Exp $ + $NiH: zip_source_filep.c,v 1.1 2004/11/18 15:06:24 wiz Exp $ zip_source_filep.c -- create data source from FILE * Copyright (C) 1999, 2003, 2004 Dieter Baron and Thomas Klausner @@ -62,6 +62,14 @@ struct read_file *f; struct zip_source *zs; + if (za == NULL) + return NULL; + + if (file == NULL || start < 0 || len < -1) { + _zip_error_set(&za->error, ZIP_ER_INVAL, 0); + return NULL; + } + if ((f=(struct read_file *)malloc(sizeof(struct read_file))) == NULL) { _zip_error_set(&za->error, ZIP_ER_MEMORY, 0); return NULL;
diff --git a/lib/zip_source_function.c b/lib/zip_source_function.c index 083ecfc..746f9e3 100644 --- a/lib/zip_source_function.c +++ b/lib/zip_source_function.c
@@ -1,5 +1,5 @@ /* - $NiH: zip_source_function.c,v 1.17 2004/11/17 21:55:13 wiz Exp $ + $NiH: zip_source_function.c,v 1.1 2004/11/18 15:06:24 wiz Exp $ zip_source_function.c -- create zip data source from callback function Copyright (C) 1999, 2003, 2004 Dieter Baron and Thomas Klausner @@ -47,6 +47,9 @@ { struct zip_source *zs; + if (za == NULL) + return NULL; + if ((zs=malloc(sizeof(*zs))) == NULL) { _zip_error_set(&za->error, ZIP_ER_MEMORY, 0); return NULL;
diff --git a/lib/zip_source_zip.c b/lib/zip_source_zip.c index f3b23cb..02fc3a0 100644 --- a/lib/zip_source_zip.c +++ b/lib/zip_source_zip.c
@@ -1,5 +1,5 @@ /* - $NiH: zip_source_zip.c,v 1.24 2004/11/17 21:55:13 wiz Exp $ + $NiH: zip_source_zip.c,v 1.1 2004/11/18 15:06:24 wiz Exp $ zip_source_zip.c -- create data source from zip file Copyright (C) 1999, 2003, 2004 Dieter Baron and Thomas Klausner @@ -59,6 +59,14 @@ struct zip_source *zs; struct read_zip *p; + if (za == NULL) + return NULL; + + if (srcza == NULL || start < 0 || len < -1 || srcidx < 0 || srcidx >= srcza->nentry) { + _zip_error_set(&za->error, ZIP_ER_INVAL, 0); + return NULL; + } + if ((flags & ZIP_FL_UNCHANGED) == 0 && ZIP_ENTRY_DATA_CHANGED(srcza->entry+srcidx)) { _zip_error_set(&za->error, ZIP_ER_CHANGED, 0);