From 99a317effe1fbb9258abfbb2ea0b376cfbe0d0d4 Mon Sep 17 00:00:00 2001 From: DongHun Kwak Date: Thu, 28 Jun 2018 14:25:48 +0900 Subject: [PATCH] Imported Upstream version 610c22 Change-Id: Id082714bb80d3c7a2a74715679317f304558410b Signed-off-by: DongHun Kwak --- History.610 | 31 +++++++- extract.c | 101 ++++++++++++++---------- process.c | 3 + unzip.c | 16 ++-- unzpriv.h | 238 +++++++++++++++++++++++++++++--------------------------- unzvers.h | 12 ++- vms/cmdline.c | 6 +- zip-comment.txt | 2 +- zipinfo.c | 22 +++--- 9 files changed, 248 insertions(+), 183 deletions(-) diff --git a/History.610 b/History.610 index 7d8b044..1e7e141 100644 --- a/History.610 +++ b/History.610 @@ -661,6 +661,9 @@ Features added (or removed): suggestions. Other related, minor code tidying. (unzip.c, unzip.h, unzpriv.h, vms/cmdline.c) [SMS] +6.1c21 (08 Jun 2017): + - No news. + Bugs fixed: @@ -1265,10 +1268,11 @@ Bugs fixed: compiling (NOCOMPILE). (vms/build_unzip.com) [SMS] - Fixed some bad behavior (program aborts or loops, or faulty memory access) caused by (intentionally) defective/corrupt archives. - Reported by OUSPG ("https://www.ee.oulu.fi/research/ouspg/"). - Removed some harmless but redundant free() instances from extract.c. - (crypt.c, crypt.h, extract.c, fileio.c, funzip.c, os2/os2.c, - process.c, unzpriv.h, win32/win32.c, zipinfo.c) [Aki Helin, SMS] + Reported by OUSPG ("https://www.ee.oulu.fi/research/ouspg/"), + CVE-2015-7696. Removed some harmless but redundant free() instances + from extract.c. (crypt.c, crypt.h, extract.c, fileio.c, funzip.c, + os2/os2.c, process.c, unzpriv.h, win32/win32.c, zipinfo.c) [Aki + Helin, SMS] - memcpy() was being used in some cases on overlapping buffers, which could cause bad extracted data (and "bad CRC" errors) on some systems. Forum topic: @@ -1918,3 +1922,22 @@ Bugs fixed: "zipinfo: Streaming input archive not supported in ZipInfo mode." "End-of-central-directory signature not found." (fileio.c, process.c) [SMS] + +6.1c22 (08 Jun 2017): + - Removed the "NOT FOR GENERAL DISTRIBUTION" message from the program + banner for public beta releases. New C macro: BETA_MSG. (unzip.c, + unzpriv.h, unzvers.h, vms/cmdline.c) [SMS] + - Removed definition of unused macro RELEASE. (unzvers.h) [SMS] + - Invalid archive data could cause the bzip2 expander to loop. + CVE-2015-7697. https://sourceforge.net/p/infozip/patches/23/ + Minor code tidying to replace some raw integers with PK_xxx status + values in the bzip2 expansion code. (extract.c) [Kamil Dudka, SMS] + - Made some changes to reduce complaints from Parfait static analysis. + https://sourceforge.net/p/infozip/patches/21/ + - Added a NULL pointer check in process.c:wide_to_local_string(). + - Extended a static buffer in zipinfo.c:zi_short() to avoid a buffer + overflow with longer date-time strings. + - Changed the flow in zipinfo.c:zipinform() to free some storage + (fn_matched, xn_matched) before returning after an error. New + macro: unzpriv.h:SKIP_ZI(). + (process.c, unzpriv.h, zipinfo.c) [Jiri Kukacka, SMS] diff --git a/extract.c b/extract.c index 71b595c..7188243 100644 --- a/extract.c +++ b/extract.c @@ -1077,7 +1077,7 @@ static int TestExtraField(__G__ ef_buf, ef_len) if (!uO.qflag) Info(slide, 0, ((char *)slide, " OK\n")); - return PK_COOL; + return PK_OK; } /* TestExtraField(). */ @@ -2295,7 +2295,8 @@ static int extract_or_test_member(__G) /* return PK-type error code */ __GDEF { register int b; - int r, error=PK_COOL; + int r; + int error = PK_OK; /* AES-encrypted data include a trailer which must not be put out. * For STORED data, the output bytes are counted in bytes_put_out, @@ -2644,25 +2645,29 @@ static int extract_or_test_member(__G) /* return PK-type error code */ } } - if ((r = UZbunzip2(__G)) != 0) { - if (r < PK_DISK) { + if ((r = UZbunzip2(__G)) != 0) + { + if (r < PK_DISK) + { if ((uO.tflag && uO.qflag) || (!uO.tflag && !QCOND2)) + { Info(slide, 0x401, ((char *)slide, LoadFarStringSmall(ErrUnzipFile), r == PK_MEM3 ? LoadFarString(NotEnoughMem) : LoadFarString(InvalidComprData), LoadFarStringSmall2(BUnzip), FnFilter1(G.filename))); + } else + { Info(slide, 0x401, ((char *)slide, LoadFarStringSmall(ErrUnzipNoFile), r == PK_MEM3 ? LoadFarString(NotEnoughMem) : LoadFarString(InvalidComprData), LoadFarStringSmall2(BUnzip))); - error = ((r == 3) ? PK_MEM3 : PK_ERR); - } else { - error = r; + } } + error = r; } break; #endif /* def BZIP2_SUPPORT */ @@ -2680,25 +2685,29 @@ static int extract_or_test_member(__G) /* return PK-type error code */ } } - if ((r = UZlzma(__G)) != 0) { - if (r < PK_DISK) { + if ((r = UZlzma(__G)) != 0) + { + if (r < PK_DISK) + { if ((uO.tflag && uO.qflag) || (!uO.tflag && !QCOND2)) + { Info(slide, 0x401, ((char *)slide, LoadFarStringSmall(ErrUnzipFile), r == PK_MEM3 ? LoadFarString(NotEnoughMem) : LoadFarString(InvalidComprData), LoadFarStringSmall2(UnLZMA), FnFilter1(G.filename))); + } else + { Info(slide, 0x401, ((char *)slide, LoadFarStringSmall(ErrUnzipNoFile), r == PK_MEM3 ? LoadFarString(NotEnoughMem) : LoadFarString(InvalidComprData), LoadFarStringSmall2(UnLZMA))); - error = ((r == 3) ? PK_MEM3 : PK_ERR); - } else { - error = r; + } } + error = r; } break; #endif /* LZMA_SUPPORT */ @@ -2716,25 +2725,29 @@ static int extract_or_test_member(__G) /* return PK-type error code */ } } - if ((r = UZppmd(__G)) != 0) { - if (r < PK_DISK) { + if ((r = UZppmd(__G)) != 0) + { + if (r < PK_DISK) + { if ((uO.tflag && uO.qflag) || (!uO.tflag && !QCOND2)) + { Info(slide, 0x401, ((char *)slide, LoadFarStringSmall(ErrUnzipFile), r == PK_MEM3 ? LoadFarString(NotEnoughMem) : LoadFarString(InvalidComprData), LoadFarStringSmall2(UnPPMd), FnFilter1(G.filename))); + } else + { Info(slide, 0x401, ((char *)slide, LoadFarStringSmall(ErrUnzipNoFile), r == PK_MEM3 ? LoadFarString(NotEnoughMem) : LoadFarString(InvalidComprData), LoadFarStringSmall2(UnPPMd))); - error = ((r == 3) ? PK_MEM3 : PK_ERR); - } else { - error = r; + } } + error = r; } break; #endif /* PPMD_SUPPORT */ @@ -5872,7 +5885,8 @@ int memextract(__G__ tgt, tgtsize, src, srcsize) /* extract compressed */ zoff_t old_csize=G.csize; uch *old_inptr=G.inptr; int old_incnt=G.incnt; - int r, error=PK_OK; + int r; + int error = PK_OK; ush method; ulg extra_field_crc; @@ -5966,7 +5980,7 @@ int memflush(__G__ rawbuf, size) G.outsize -= size; G.outcnt += size; - return 0; + return PK_OK; } /* memflush(). */ @@ -6386,12 +6400,19 @@ wchar_t *fnfilterw( src, dst, siz) static int UZbunzip2(__G) __GDEF /* decompress a bzipped entry using the libbz2 routines */ -{ - int retval = 0; /* return code: 0 = "no error" */ - int err=BZ_OK; +{ + int retval = PK_OK; /* Return PK-type error code. */ + int err = BZ_OK; int repeated_buf_err; bz_stream bstrm; + /* Data sanity check. (Avoid infinite loop.) */ + if ((G.incnt <= 0) && (G.csize <= 0)) + { + Trace(( stderr, "UZbunzip2(): Data sanity failure.\n")); + return PK_WARN; + } + #if defined(DLL) && !defined(NO_SLIDE_REDIR) if (G.redirect_slide) wsize = G.redirect_size, redirSlide = G.redirect_buffer; @@ -6405,24 +6426,22 @@ static int UZbunzip2(__G) bstrm.next_in = (char *)G.inptr; bstrm.avail_in = G.incnt; - { - /* local buffer for efficiency */ - /* $TODO Check for BZIP LIB version? */ + /* local buffer for efficiency */ + /* $TODO Check for BZIP LIB version? */ - bstrm.bzalloc = NULL; - bstrm.bzfree = NULL; - bstrm.opaque = NULL; + bstrm.bzalloc = NULL; + bstrm.bzfree = NULL; + bstrm.opaque = NULL; - Trace((stderr, "initializing bzlib()\n")); - err = BZ2_bzDecompressInit(&bstrm, 0, 0); + Trace((stderr, "initializing bzlib()\n")); + err = BZ2_bzDecompressInit(&bstrm, 0, 0); - if (err == BZ_MEM_ERROR) - return 3; + if (err == BZ_MEM_ERROR) + return PK_MEM; #ifdef Tracing /* 2012-12-03 SMS. Avoid complaints about empty if(). */ - else if (err != BZ_OK) - Trace((stderr, "oops! (BZ2_bzDecompressInit() err = %d)\n", err)); + else if (err != BZ_OK) + Trace((stderr, "oops! (BZ2_bzDecompressInit() err = %d)\n", err)); #endif /* def Tracing */ - } #ifdef FUNZIP while (err != BZ_STREAM_END) { @@ -6435,12 +6454,12 @@ static int UZbunzip2(__G) err = BZ2_bzDecompress(&bstrm); if (err == BZ_DATA_ERROR) { - retval = 2; goto uzbunzip_cleanup_exit; + retval = PK_ERR; goto uzbunzip_cleanup_exit; } else if (err == BZ_MEM_ERROR) { - retval = 3; goto uzbunzip_cleanup_exit; + retval = PK_MEM3; goto uzbunzip_cleanup_exit; } #ifdef Tracing /* 2012-12-03 SMS. Avoid complaints about empty if(). */ - else if (err != BZ_OK && err != BZ_STREAM_END) + else if ((err != BZ_OK) && (err != BZ_STREAM_END)) Trace((stderr, "oops! (bzip(first loop) err = %d)\n", err)); #endif /* def Tracing */ @@ -6454,7 +6473,7 @@ static int UZbunzip2(__G) if (bstrm.avail_in == 0) { if (fillinbuf(__G) == 0) { /* no "END-condition" yet, but no more data */ - retval = 2; goto uzbunzip_cleanup_exit; + retval = PK_ERR; goto uzbunzip_cleanup_exit; } bstrm.next_in = (char *)G.inptr; bstrm.avail_in = G.incnt; @@ -6477,9 +6496,9 @@ static int UZbunzip2(__G) while (err != BZ_STREAM_END) { err = BZ2_bzDecompress(&bstrm); if (err == BZ_DATA_ERROR) { - retval = 2; goto uzbunzip_cleanup_exit; + retval = PK_ERR; goto uzbunzip_cleanup_exit; } else if (err == BZ_MEM_ERROR) { - retval = 3; goto uzbunzip_cleanup_exit; + retval = PK_MEM3; goto uzbunzip_cleanup_exit; } else if (err != BZ_OK && err != BZ_STREAM_END) { Trace((stderr, "oops! (bzip(final loop) err = %d)\n", err)); DESTROYGLOBALS(); diff --git a/process.c b/process.c index 2a1d6b1..373f9f4 100644 --- a/process.c +++ b/process.c @@ -3057,6 +3057,9 @@ char *wide_to_local_string(wide_string, escape_all) char *buffer = NULL; char *local_string = NULL; + if (wide_string == NULL) + return NULL; + for (wsize = 0; wide_string[wsize]; wsize++) ; if (max_bytes < MAX_ESCAPE_BYTES) diff --git a/unzip.c b/unzip.c index 2ac33d3..094c72c 100644 --- a/unzip.c +++ b/unzip.c @@ -438,13 +438,13 @@ static ZCONST char Far ZipInfoUsageLine4m[] = ""; # endif /* def MORE [else] */ # endif /* !NO_ZIPINFO */ -# ifdef BETA +# ifdef BETA_MSG # ifndef VMSCLI static /* Used in vms/cmdline.c, so not static in VMS CLI. */ # endif /* ndef VMSCLI */ ZCONST char Far BetaVersion[] = "%s\ THIS IS A BETA VERSION OF UNZIP%s -- NOT FOR GENERAL DISTRIBUTION.\n"; -# endif +# endif /* def BETA_MSG */ # ifndef VMSCLI static /* Used in vms/cmdline.c, so not static in VMS CLI. */ @@ -2969,11 +2969,11 @@ int uz_opts(__G__ opts, pargc, pargv) Info(slide, (uzo_err ? 1 : 0), ((char *)slide, LoadFarString( UnzipBanner), "UnZipSFX", UzpVersionStr(), UZ_VERSION_DATE, UZ_VERSION_DATE)); -# ifdef BETA +# ifdef BETA_MSG /* always print the beta warning: no unauthorized distribution!! */ Info(slide, (uzo_err ? 1 : 0), ((char *)slide, LoadFarString(BetaVersion), "\n", "SFX")); -# endif /* def BETA */ +# endif /* def BETA_MSG */ # endif /* def SFX */ if (uO.cflag || uO.tflag || uO.vflag || uO.zflag @@ -3175,7 +3175,7 @@ int usage(__G__ u_err) /* return PK-type error code */ Info( slide, flag, ((char *)slide, LoadFarString( UnzipBanner), "UnZipSFX", UzpVersionStr(), UZ_VERSION_DATE, UZ_VERSION_DATE)); -# ifdef BETA +# ifdef BETA_MSG Info( slide, flag, ((char *)slide, LoadFarString( BetaVersion), "\n", "SFX")); # endif @@ -3234,7 +3234,7 @@ int usage(__G__ u_err) /* return PK-type error code */ Info( slide, flag, ((char *)slide, LoadFarString( ZipInfoUsageLine1), UzpVersionStr(), UZ_VERSION_DATE, USAGE_DCL_Z)); -# ifdef BETA +# ifdef BETA_MSG Info( slide, flag, ((char *)slide, LoadFarString( BetaVersion), "", "")); # endif @@ -3254,7 +3254,7 @@ int usage(__G__ u_err) /* return PK-type error code */ { /* UnZip mode */ Info(slide, flag, ((char *)slide, LoadFarString( UnzipUsageLine1), UzpVersionStr(), UZ_VERSION_DATE, USAGE_DCL_U)); -# ifdef BETA +# ifdef BETA_MSG Info(slide, flag, ((char *)slide, LoadFarString(BetaVersion), "", "")); # endif @@ -3842,7 +3842,7 @@ void show_version_info(__G) " Maintainer: Steven M. Schweda")); Info(slide, 0, ((char *)slide, LoadFarString(UnzipVersionLine))); -# ifdef BETA +# ifdef BETA_MSG Info( slide, 0, ((char *)slide, LoadFarString( BetaVersion), "", "")); Info( slide, 0, ((char *)slide, "%s", "\n")); diff --git a/unzpriv.h b/unzpriv.h index e384832..00ced35 100644 --- a/unzpriv.h +++ b/unzpriv.h @@ -17,22 +17,21 @@ ---------------------------------------------------------------------------*/ -/* It has been proposed to replace unzpriv.h by zip-like tailor.h and tree of - PORT/osdep.h headers. - - This is a result of the effort to synchronize/rationalize the build - systems (such as unix/Makefile and unix/configure). - - This will ensure that customization is as close as possible between Zip - and UnZip. - - This in turn will make it much easier to safely share code between the - Zip and UnZip source trees. - - This might get done in the next beta. */ - -#ifndef __unzpriv_h /* prevent multiple inclusions */ +/* It has been proposed to replace unzpriv.h by zip-like tailor.h and + * tree of PORT/osdep.h headers. + * - This is a result of the effort to synchronize/rationalize the build + * systems (such as unix/Makefile and unix/configure). + * - This will ensure that customization is as close as possible between Zip + * and UnZip. + * - This in turn will make it much easier to safely share code between the + * Zip and UnZip source trees. + */ + +#ifndef __unzpriv_h /* Prevent multiple inclusions. */ #define __unzpriv_h #ifdef VMSCLI -# include "unzvers.h" /* Need BETA for some VMS CLI strings. */ +# include "unzvers.h" /* Need BETA_MSG for some VMS CLI strings. */ #endif /* def VMSCLI */ /* First thing: Signal all following code that we compile UnZip utilities! */ @@ -208,30 +207,31 @@ #endif /* This needs fixing, but currently assume that we don't have full - Unicode support unless UNICODE_WCHAR is set. - - What we should do is define three possibilities: - UNICODE_WCHAR = we have the wide character support we need for Unicode. - If unix/configure found the port is missing something, - the port needs to provide it and turn Unicode back on. - Check for HAVE_TOWUPPER and so on. - UNICODE_ICONV = we can use iconv for Unicode conversions. All processing - will be done using 8-bit characters. - UNICODE_NATIVE = we don't need to do any conversions. This flag is needed, - though, so we know to set the UTF-8 bit. It also means - we somehow have verified the character set as UTF-8. - However, note that if the port has no way to convert - from UTF-8, the code page must be UTF-8 to see paths in - an existing archive. - - I can't see any reason more than one of these should be set in any - particular build, so there probably should be some priority order for these - set up. For instance, if UTF-8 is native, then paths coming in are already - UTF-8 and the UTF-8 paths in existing archives should be readable, so no - conversion code may be needed, just the code to detect if UNICODE_NATIVE - really applies. - - This might get done in the next beta. */ + * Unicode support unless UNICODE_WCHAR is set. + * + * What we should do is define three possibilities: + * UNICODE_WCHAR We have the wide character support we need for + * Unicode. If unix/configure found the port is + * missing something, then the port needs to provide it + * and turn Unicode back on. + * Check for HAVE_TOWUPPER and so on. + * UNICODE_ICONV We can use iconv for Unicode conversions. All + * processing will be done using 8-bit characters. + * UNICODE_NATIVE We don't need to do any conversions. This flag is + * needed, though, so we know to set the UTF-8 bit. It + * also means that we somehow have verified the + * character set as UTF-8. Note, however, that if the + * port has no way to convert from UTF-8, then the code + * page must be UTF-8 to see paths in an existing + * archive. + * + * No reason is known to set more than one of these in any particular + * build, so there probably should be some priority order for them. + * For instance, if UTF-8 is native, then paths coming in are already + * UTF-8, and the UTF-8 paths in existing archives should be readable, + * so no conversion code should be needed, only the code to detect if + * UNICODE_NATIVE really applies. + */ #ifdef UNICODE_SUPPORT # if !(defined(UNICODE_WCHAR)) @@ -301,6 +301,7 @@ # define BSD 1 # endif #endif /* ultrix || __ultrix || bsd4_2 */ + #if (defined(sun) || defined(pyr) || defined(CONVEX)) # if (!defined(BSD) && !defined(SYSV)) # define BSD 1 @@ -694,10 +695,12 @@ /* ---------------------------------------------------------------------------- MUST BE AFTER LARGE FILE INCLUDES ---------------------------------------------------------------------------- */ -/* This stuff calls in types and messes up large file includes. It needs to - go after large file defines in local includes. - I am guessing that moving them here probably broke some ports, but hey. - 10/31/2004 EG */ +/* This stuff calls in types and messes up large file includes. It + * needs to appear after large file defines in local includes. + * I am guessing that moving them here probably broke some ports, but hey. + * 10/31/2004 EG + */ + /* ---------------------------------------------------------------------------- Common includes ---------------------------------------------------------------------------- */ @@ -1414,19 +1417,19 @@ void izu_md_check( void); #ifdef _MBCS /* Multi Byte Character Set support - - This section supports a number of mbcs-related functions which - will use the OS-provided version (if found by a unix/configure - test, or equivalent) or will use a generic minimally-functional - version provided as a fileio.c function. - - All references to this function UnZip code are via the FUNCTION - name. - - If unix/configure finds the OS-provided function, it will define - a macro in the form FUNCTION=function. - - If not defined: - - A replacement is defined below pointing to the generic version. - - The prototype for the generic function will be defined (below). - - A NEED_FUNCTION macro will also be defined, to enable compile - of the fileio.c code to implement the generic function. + * - This section supports a number of mbcs-related functions which + * will use the OS-provided version (if found by a unix/configure + * test, or equivalent) or will use a generic minimally-functional + * version provided as a fileio.c function. + * - All references to this function UnZip code are via the FUNCTION + * name. + * - If unix/configure finds the OS-provided function, it will define + * a macro in the form FUNCTION=function. + * - If not defined: + * - A replacement is defined below pointing to the generic version. + * - The prototype for the generic function will be defined (below). + * - A NEED_FUNCTION macro will also be defined, to enable compile + * of the fileio.c code to implement the generic function. */ # include @@ -1559,38 +1562,38 @@ void izu_md_check( void); /*-------------------------------------------------------------------- - Long option support - 23 August 2003 - Originally from Zip 3.0 - Updated for UnZip 1 March 2008 - See unzip.c - --------------------------------------------------------------------*/ - -/* The below is for use in the caller-provided options table */ + * Long option support + * 23 August 2003 + * Originally from Zip 3.0 + * Updated for UnZip 1 March 2008 + * See unzip.c + *-------------------------------------------------------------------- + */ -/* value_type - value is always returned as a string. */ -#define o_NO_VALUE 0 /* this option does not take a value */ -#define o_REQUIRED_VALUE 1 /* this option requires a value */ -#define o_OPTIONAL_VALUE 2 /* value is optional (see get_option() for details) */ -#define o_VALUE_LIST 3 /* this option takes a list of values */ -#define o_ONE_CHAR_VALUE 4 /* next char is value (does not end short opt string) */ -#define o_NUMBER_VALUE 5 /* value is integer (does not end short opt string) */ -#define o_OPT_EQ_VALUE 6 /* value optional, but "=" required for one. */ +/* Options table flag values. */ -/* negatable - a dash following the option (but before any value) sets negated. */ -#define o_NOT_NEGATABLE 0 /* trailing '-' to negate either starts value or generates error */ -#define o_NEGATABLE 1 /* trailing '-' sets negated to TRUE */ +/* value_type - Value is always returned as a string. */ +#define o_NO_VALUE 0 /* No value. */ +#define o_REQUIRED_VALUE 1 /* Value required. */ +#define o_OPTIONAL_VALUE 2 /* Value optional. */ +#define o_VALUE_LIST 3 /* Value list required. */ +#define o_ONE_CHAR_VALUE 4 /* One-char value (doesn't end short opt str). */ +#define o_NUMBER_VALUE 5 /* Integer value (doesn't end short opt str). */ +#define o_OPT_EQ_VALUE 6 /* Value optional, but "=" required for one. */ +/* negatable - Hyphen after option (but before any value) sets negated. */ +#define o_NOT_NEGATABLE 0 /* trailing "-" either starts value or error. */ +#define o_NEGATABLE 1 /* trailing "-" sets negated to TRUE. */ /* option_num can be this when option not in options table */ #define o_NO_OPTION_MATCH -1 - -/* special values returned by get_option - do not use these as option IDs */ -#define o_NON_OPTION_ARG ((unsigned long) 0xFFFF) /* returned for non-option - args */ -#define o_ARG_FILE_ERR ((unsigned long) 0xFFFE) /* internal recursion - return (user never sees) */ -#define o_BAD_ERR ((unsigned long) 0xFFFD) /* bad error */ + +/* Special values returned by get_option - do not use these as option IDs */ +#define o_NON_OPTION_ARG ((unsigned long) 0xFFFF) /* non-option arg */ +#define o_ARG_FILE_ERR ((unsigned long) 0xFFFE) /* internal recursion + error (Should + never occur.) */ +#define o_BAD_ERR ((unsigned long) 0xFFFD) /* bad error */ /* Most option IDs are set to the shortopt char. For multichar short * options, ID is set to an arbitrary unused constant (defined below). @@ -2069,7 +2072,8 @@ struct file_list { #define AESENCRED 99 #define NUM_METHODS 19 /* Number of known method IDs. */ /* Be sure to update list.c (list_files()), extract.c, and zipinfo.c - * appropriately if NUM_METHODS changes. */ + * appropriately, if NUM_METHODS changes. + */ /* (the PK-class error codes are public and have been moved into unzip.h) */ @@ -2555,13 +2559,13 @@ typedef struct VMStimbuf { /* The following structs are used to hold all header data of a zip entry. - Traditionally, the structs' layouts followed the data layout of the - corresponding zipfile header structures. However, the zipfile header - layouts were designed in the old ages of 16-bit CPUs, they are subject - to structure padding and/or alignment issues on newer systems with a - "natural word width" of more than 2 bytes. - Please note that the structure members are now reordered by size - (top-down), to prevent internal padding and optimize memory usage! + * Traditionally, the structs' layouts followed the data layout of the + * corresponding zipfile header structures. However, the zipfile header + * layouts were designed in the old ages of 16-bit CPUs, they are subject + * to structure padding and/or alignment issues on newer systems with a + * "natural word width" of more than 2 bytes. + * Please note that the structure members are now reordered by size + * (top-down), to prevent internal padding and optimize memory usage! */ typedef struct local_file_header { /* LOCAL */ zusz_t csize; @@ -2615,12 +2619,13 @@ typedef struct VMStimbuf { /* Huffman code lookup table entry--this entry is four bytes for machines - that have 16-bit pointers (e.g. PC's in the small or medium model). - Valid extra bits are 0..16. e == 31 is EOB (end of block), e == 32 - means that v is a literal, 32 < e < 64 means that v is a pointer to - the next table, which codes (e & 31) bits, and lastly e == 99 indicates - an unused code. If a code with e == 99 is looked up, this implies an - error in the data. */ + * that have 16-bit pointers (e.g. PC's in the small or medium model). + * Valid extra bits are 0..16. e == 31 is EOB (end of block), e == 32 + * means that v is a literal, 32 < e < 64 means that v is a pointer to + * the next table, which codes (e & 31) bits, and lastly e == 99 indicates + * an unused code. If a code with e == 99 is looked up, this implies an + * error in the data. + */ struct huft { uch e; /* number of extra bits or operation */ @@ -3101,7 +3106,7 @@ int iswildw OF((ZCONST wchar_t *pw)); /* match.c */ #endif /* declarations of public CRC-32 functions have been moved into crc32.h - (free_crc_table(), get_crc_table(), crc32()) crc32.c */ + * (free_crc_table(), get_crc_table(), crc32()) crc32.c */ int dateformat OF((void)); /* local */ char dateseparator OF((void)); /* local */ @@ -3287,24 +3292,31 @@ char *GetLoadPath OF((__GPRO)); /* local */ # define TEST_NTSD NULL /* ... is not available */ #endif -#define SKIP_(length) if(length&&((error=do_string(__G__ length,SKIP))!=0))\ - {error_in_archive=error; if(error>1) return error;} - /* - * Skip a variable-length field, and report any errors. Used in zipinfo.c - * and unzip.c in several functions. - * - * macro SKIP_(length) - * ush length; - * { - * if (length && ((error = do_string(length, SKIP)) != 0)) { - * error_in_archive = error; /-* might be warning *-/ - * if (error > 1) /-* fatal *-/ - * return (error); - * } - * } - * + * SKIP_() - Macro to skip a variable-length field, record a more severe + * error, and return. Used in list.c and zipinfo.c. + */ +#define SKIP_( len) \ +if ((len > 0) && ((error = do_string( __G__ len, SKIP)) != PK_OK)) \ +{ \ + if (error > error_in_archive) \ + error_in_archive = error; \ + if (error > PK_WARN) \ + return error; \ +} + +/* 2017-06-06 SMS. https://sourceforge.net/p/infozip/patches/21/ + * Use SKIP_ZI() in zipinfo.c:zipinform(), instead of SKIP_(), to free + * storage (fn_matched, xn_matched) before returning after an error. */ +#define SKIP_ZI( len) \ +if ((len > 0) && ((error = do_string( __G__ len, SKIP)) != PK_OK)) \ +{ \ + if (error > error_in_archive) \ + error_in_archive = error; \ + if (error > PK_WARN) \ + goto err_exit; \ +} #ifdef FUNZIP @@ -3591,9 +3603,9 @@ char *GetLoadPath OF((__GPRO)); /* local */ #endif /* ndef SFX */ #ifdef VMSCLI -# ifdef BETA +# ifdef BETA_MSG extern ZCONST char BetaVersion[]; -# endif /* def BETA */ +# endif /* def BETA_MSG */ # ifdef SFX extern ZCONST char UnzipBanner[]; # else /* def SFX */ diff --git a/unzvers.h b/unzvers.h index 03269a0..2043282 100644 --- a/unzvers.h +++ b/unzvers.h @@ -15,19 +15,23 @@ # ifdef BETA # undef BETA /* Swap blocks. Last of define/undef wins. */ +# undef BETA_MSG # endif +/* Define BETA_MSG to restore the unzip.c:BetaVersion[] message: + * [...] NOT FOR GENERAL DISTRIBUTION + */ # ifndef BETA # define BETA /* Undefine BETA for public releases. */ +# define BETA_MSG /*_xxx*/ /* Remove "_xxx" to activate the message. */ # endif # ifdef BETA -# define UZ_BETALEVEL "c21-BETA" -# define UZ_VERSION_DATE "2017-05-15" /* Internal beta version. */ +# define UZ_BETALEVEL "c22-BETA" +# define UZ_VERSION_DATE "2017-06-08" /* Internal beta version. */ # else # define UZ_BETALEVEL "" # define UZ_VERSION_DATE "2017-XX-XX" /* Official release version. */ -# define RELEASE # endif # define UZ_MAJORVER 6 /* UnZip */ @@ -38,7 +42,7 @@ # define UZ_PATCHLEVEL 0 -# define UZ_VER_STRING "6.1c21" /* Sync with Version numbers! */ +# define UZ_VER_STRING "6.1c22" /* Sync with Version numbers! */ # ifndef IZ_COMPANY_NAME # define IZ_COMPANY_NAME "Info-ZIP" diff --git a/vms/cmdline.c b/vms/cmdline.c index 035d6a5..f570f8a 100644 --- a/vms/cmdline.c +++ b/vms/cmdline.c @@ -1,5 +1,5 @@ /* - Copyright (c) 1990-2016 Info-ZIP. All rights reserved. + Copyright (c) 1990-2017 Info-ZIP. All rights reserved. See the accompanying file LICENSE, version 2009-Jan-02 or later (the contents of which are also included in unzip.h) for terms of use. @@ -1979,7 +1979,7 @@ int VMSCLI_usage(__GPRO__ int error) /* returns PK-type error code */ Info(slide, flag, ((char *)slide, UnzipBanner, "UnZip", UzpVersionStr(), UZ_VERSION_DATE, UZ_VERSION_DATE)); -# ifdef BETA +# ifdef BETA_MSG Info( slide, flag, ((char *)slide, LoadFarString( BetaVersion), "\n", "")); # endif @@ -2139,7 +2139,7 @@ Quote archive member names if /MATCH=CASE=SENSITIVE (default).\n\ Info(slide, flag, ((char *)slide, UnzipUsageLine1, UzpVersionStr(), UZ_VERSION_DATE, UzpDclStr())); -# ifdef BETA +# ifdef BETA_MSG Info(slide, flag, ((char *)slide, BetaVersion, "", "")); # endif diff --git a/zip-comment.txt b/zip-comment.txt index 1d636e2..cdabaa3 100644 --- a/zip-comment.txt +++ b/zip-comment.txt @@ -1,5 +1,5 @@ -Info-Zip UnZip -- Source kit. Version 6.10c21 (pre-BETA) 2017-05-15. +Info-Zip UnZip -- Source kit. Version 6.1c22 (pre-BETA) 2017-06-08. See enclosed files INSTALL, LICENSE, and README. For information on Info-Zip UnZip and Zip: diff --git a/zipinfo.c b/zipinfo.c index 4b37fe3..da59f56 100644 --- a/zipinfo.c +++ b/zipinfo.c @@ -1082,7 +1082,7 @@ void zi_end_central(__G) /* Function zipinform() */ /**************************/ -int zipinform(__G) /* return PK-type error code */ +int zipinform(__G) /* Return PK-type error code. */ __GDEF { int do_this_file = FALSE; @@ -1253,7 +1253,7 @@ int zipinform(__G) /* return PK-type error code */ case 1: case 2: fnprint(__G); - SKIP_(G.crec.file_comment_length) + SKIP_ZI( G.crec.file_comment_length) break; case 3: @@ -1274,7 +1274,7 @@ int zipinform(__G) /* return PK-type error code */ break; default: - SKIP_(G.crec.file_comment_length) + SKIP_ZI( G.crec.file_comment_length) break; } /* end switch (lflag) */ @@ -1313,8 +1313,8 @@ int zipinform(__G) /* return PK-type error code */ #endif } else { /* not listing this file */ - SKIP_(G.crec.extra_field_length) - SKIP_(G.crec.file_comment_length) + SKIP_ZI( G.crec.extra_field_length) + SKIP_ZI( G.crec.file_comment_length) if (endprev != 0) endprev = 0; } /* end if (list member?) */ @@ -1367,6 +1367,8 @@ int zipinform(__G) /* return PK-type error code */ found. ---------------------------------------------------------------------------*/ +err_exit: /* Used by the SKIP_ZI() macro. */ + if (fn_matched) { if (error_in_archive <= PK_WARN) for (j = 0; j < G.filespecs; ++j) @@ -2552,7 +2554,9 @@ static int zi_short(__G) /* return PK-type error code */ unsigned xattr_high; unsigned xattr_low; #define xattr xattr_high - char *p, workspace[12], attribs[16]; + char *p; + char workspace[12]; + char attribs[21]; /* Need 16 for attribs, 21 for d_t_buf. */ char methbuf[5]; static ZCONST char dtype[5]="NXFS"; /* normal, maximum, fast, superfast */ static ZCONST char Far oss[NUM_HOSTS+1][4] = { @@ -2853,8 +2857,8 @@ static int zi_short(__G) /* return PK-type error code */ Info(slide, 0, ((char *)slide, " %s", FmZofft(G.crec.csize, "8", "u"))); - /* For printing of date & time, a "char d_t_buf[16]" is required. - * To save stack space, we reuse the "char attribs[16]" buffer whose + /* For printing of date & time, a "char d_t_buf[21]" is required. + * To save stack space, we reuse the "char attribs[21]" buffer whose * content is no longer needed. */ # define d_t_buf attribs @@ -2934,7 +2938,7 @@ static char *zi_time(__G__ datetimez, modtimez, d_t_str) __GDEF ZCONST ulg *datetimez; ZCONST time_t *modtimez; - char *d_t_str; + char *d_t_str; /* 21 char (incl NUL), minimum. */ { unsigned yr, mo, dy, hh, mm, ss; char monthbuf[4]; -- 2.7.4