archive/zip: treat truncated EOCDR comment as an error - go - Fork of Go programming language with my patches.

diff options

author	Damien Neil <dneil@google.com>	2024-05-14 14:39:10 -0700
committer	Damien Neil <dneil@google.com>	2024-05-16 15:56:19 +0000
commit	33d725e5758bf1fea62e6c77fc70b57a828a49f5 (patch)
tree	d2570f708e4c8987c779e657f4269e7a4ea6752b /src/net/http
parent	2b3d98f2ba839d4e1007652c4c92a4610092f55e (diff)
download	go-33d725e5758bf1fea62e6c77fc70b57a828a49f5.tar.xz

archive/zip: treat truncated EOCDR comment as an error

When scanning for an end of central directory record, treat an EOCDR signature with a record containing a truncated comment as an error. Previously, we would skip over the invalid record and look for another one. Other implementations do not do this (they either consider this a hard error, or just ignore the truncated comment). This parser misalignment allowed presenting entirely different archive contents to Go programs and other zip decoders. Fixes #66869 Change-Id: I94e5cb028534bb5704588b8af27f1e22ea49c7c6 Reviewed-on: https://go-review.googlesource.com/c/go/+/585397 Reviewed-by: Joseph Tsai <joetsai@digital-static.net> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

Diffstat (limited to 'src/net/http')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: