diff -c zl121/ChangeLogUnzip zl121fixed/ChangeLogUnzip *** zl121/ChangeLogUnzip Wed Sep 10 11:00:15 2003 --- zl121fixed/ChangeLogUnzip Sun May 16 13:17:11 2004 *************** *** 1,3 **** --- 1,7 ---- + Change in 1.01 (8 may 04) + - fix buffer overrun risk in unzip.c (Xavier Roche) + - fix a minor buffer insecurity in minizip.c (Mike Whittaker) + Change in 1.00: (10 sept 03) - rename to 1.00 - cosmetic code change diff -c zl121/crypt.h zl121fixed/crypt.h *** zl121/crypt.h Wed Sep 10 11:00:15 2003 --- zl121fixed/crypt.h Sun May 16 13:17:11 2004 *************** *** 1,9 **** /* crypt.h -- base code for crypt/uncrypt ZIPfile ! Version 1.00, September 10th, 2003 ! Copyright (C) 1998-2003 Gilles Vollant This code is a modified version of crypting code in Infozip distribution --- 1,9 ---- /* crypt.h -- base code for crypt/uncrypt ZIPfile ! Version 1.01, May 8th, 2004 ! Copyright (C) 1998-2004 Gilles Vollant This code is a modified version of crypting code in Infozip distribution diff -c zl121/ioapi.c zl121fixed/ioapi.c *** zl121/ioapi.c Wed Sep 10 11:00:15 2003 --- zl121fixed/ioapi.c Sun May 16 13:36:58 2004 *************** *** 1,9 **** /* ioapi.c -- IO base function header for compress/uncompress .zip files using zlib + zip or unzip API ! Version 1.00, September 10th, 2003 ! Copyright (C) 1998-2003 Gilles Vollant */ #include --- 1,9 ---- /* ioapi.c -- IO base function header for compress/uncompress .zip files using zlib + zip or unzip API ! Version 1.01, May 8th, 2004 ! Copyright (C) 1998-2004 Gilles Vollant */ #include diff -c zl121/ioapi.h zl121fixed/ioapi.h *** zl121/ioapi.h Wed Sep 10 11:00:15 2003 --- zl121fixed/ioapi.h Sun May 16 13:37:15 2004 *************** *** 1,9 **** /* ioapi.h -- IO base function header for compress/uncompress .zip files using zlib + zip or unzip API ! Version 1.00, September 10th, 2003 ! Copyright (C) 1998-2003 Gilles Vollant */ #ifndef _ZLIBIOAPI_H --- 1,9 ---- /* ioapi.h -- IO base function header for compress/uncompress .zip files using zlib + zip or unzip API ! Version 1.01, May 8th, 2004 ! Copyright (C) 1998-2004 Gilles Vollant */ #ifndef _ZLIBIOAPI_H diff -c zl121/iowin32.c zl121fixed/iowin32.c *** zl121/iowin32.c Wed Sep 10 11:00:15 2003 --- zl121fixed/iowin32.c Sun May 16 13:17:11 2004 *************** *** 2,10 **** files using zlib + zip or unzip API This IO API version uses the Win32 API (for Microsoft Windows) ! Version 1.00, September 10th, 2003 ! Copyright (C) 1998-2003 Gilles Vollant */ #include --- 2,10 ---- files using zlib + zip or unzip API This IO API version uses the Win32 API (for Microsoft Windows) ! Version 1.01, May 8th, 2004 ! Copyright (C) 1998-2004 Gilles Vollant */ #include diff -c zl121/iowin32.h zl121fixed/iowin32.h *** zl121/iowin32.h Wed Sep 10 11:00:15 2003 --- zl121fixed/iowin32.h Sun May 16 13:17:11 2004 *************** *** 2,10 **** files using zlib + zip or unzip API This IO API version uses the Win32 API (for Microsoft Windows) ! Version 1.00, September 10th, 2003 ! Copyright (C) 1998-2003 Gilles Vollant */ #include --- 2,10 ---- files using zlib + zip or unzip API This IO API version uses the Win32 API (for Microsoft Windows) ! Version 1.01, May 8th, 2004 ! Copyright (C) 1998-2004 Gilles Vollant */ #include diff -c zl121/miniunz.c zl121fixed/miniunz.c *** zl121/miniunz.c Wed Sep 10 11:00:15 2003 --- zl121fixed/miniunz.c Sun May 16 13:17:12 2004 *************** *** 1,3 **** --- 1,11 ---- + /* + miniunz.c + Version 1.01, May 8th, 2004 + + Copyright (C) 1998-2004 Gilles Vollant + */ + + #include #include #include *************** *** 140,146 **** void do_banner() { ! printf("MiniUnz 1.00, demo of zLib + Unz package written by Gilles Vollant\n"); printf("more info at http://www.winimage.com/zLibDll/unzip.html\n\n"); } --- 148,154 ---- void do_banner() { ! printf("MiniUnz 1.01, demo of zLib + Unz package written by Gilles Vollant\n"); printf("more info at http://www.winimage.com/zLibDll/unzip.html\n\n"); } diff -c zl121/minizip.c zl121fixed/minizip.c *** zl121/minizip.c Wed Sep 10 11:00:15 2003 --- zl121fixed/minizip.c Sun May 16 13:17:12 2004 *************** *** 1,3 **** --- 1,10 ---- + /* + minizip.c + Version 1.01, May 8th, 2004 + + Copyright (C) 1998-2004 Gilles Vollant + */ + #include #include #include *************** *** 53,60 **** #else #ifdef unix uLong filetime(f, tmzip, dt) ! char *f; /* name of file to get info on */ ! tm_zip *tmzip; /* return value: access, modific. and creation times */ uLong *dt; /* dostime */ { int ret=0; --- 60,67 ---- #else #ifdef unix uLong filetime(f, tmzip, dt) ! char *f; /* name of file to get info on */ ! tm_zip *tmzip; /* return value: access, modific. and creation times */ uLong *dt; /* dostime */ { int ret=0; *************** *** 66,71 **** --- 73,80 ---- { char name[MAXFILENAME+1]; int len = strlen(f); + if (len > MAXFILENAME) + len = MAXFILENAME; strncpy(name, f,MAXFILENAME-1); /* strncpy doesnt append the trailing NULL, of the string is too long. */ *************** *** 120,126 **** void do_banner() { ! printf("MiniZip 1.00, demo of zLib + Zip package written by Gilles Vollant\n"); printf("more info at http://www.winimage.com/zLibDll/unzip.html\n\n"); } --- 129,135 ---- void do_banner() { ! printf("MiniZip 1.01, demo of zLib + Zip package written by Gilles Vollant\n"); printf("more info at http://www.winimage.com/zLibDll/unzip.html\n\n"); } Only in zl121fixed: mztools.c Only in zl121fixed: mztools.h diff -c zl121/unzip.c zl121fixed/unzip.c *** zl121/unzip.c Wed Sep 10 11:00:15 2003 --- zl121fixed/unzip.c Sun May 16 13:40:12 2004 *************** *** 1,7 **** /* unzip.c -- IO for uncompress .zip files using zlib ! Version 1.00, September 10th, 2003 ! Copyright (C) 1998-2003 Gilles Vollant Read unzip.h for more info */ --- 1,7 ---- /* unzip.c -- IO for uncompress .zip files using zlib ! Version 1.01, May 8th, 2004 ! Copyright (C) 1998-2004 Gilles Vollant Read unzip.h for more info */ *************** *** 88,94 **** const char unz_copyright[] = ! " unzip 1.00 Copyright 1998-2003 Gilles Vollant - http://www.winimage.com/zLibDll"; /* unz_file_info_interntal contain internal info about a file in zipfile*/ typedef struct unz_file_info_internal_s --- 88,94 ---- const char unz_copyright[] = ! " unzip 1.01 Copyright 1998-2004 Gilles Vollant - http://www.winimage.com/zLibDll"; /* unz_file_info_interntal contain internal info about a file in zipfile*/ typedef struct unz_file_info_internal_s *************** *** 798,804 **** s=(unz_s*)file; if (!s->current_file_ok) return UNZ_END_OF_LIST_OF_FILE; ! if (s->num_file+1==s->gi.number_entry) return UNZ_END_OF_LIST_OF_FILE; s->pos_in_central_dir += SIZECENTRALDIRITEM + s->cur_file_info.size_filename + --- 798,805 ---- s=(unz_s*)file; if (!s->current_file_ok) return UNZ_END_OF_LIST_OF_FILE; ! if (s->gi.number_entry != 0xffff) /* 2^16 files overflow hack */ ! if (s->num_file+1==s->gi.number_entry) return UNZ_END_OF_LIST_OF_FILE; s->pos_in_central_dir += SIZECENTRALDIRITEM + s->cur_file_info.size_filename + *************** *** 1461,1467 **** if (ZREAD(pfile_in_zip_read_info->z_filefunc, pfile_in_zip_read_info->filestream, ! buf,size_to_read)!=size_to_read) return UNZ_ERRNO; return (int)read_now; --- 1462,1468 ---- if (ZREAD(pfile_in_zip_read_info->z_filefunc, pfile_in_zip_read_info->filestream, ! buf,read_now)!=read_now) return UNZ_ERRNO; return (int)read_now; *************** *** 1543,1546 **** --- 1544,1584 ---- if ((szComment != NULL) && (uSizeBuf > s->gi.size_comment)) *(szComment+s->gi.size_comment)='\0'; return (int)uReadThis; + } + + /* Additions by RX '2004 */ + extern uLong ZEXPORT unzGetOffset (file) + unzFile file; + { + unz_s* s; + + if (file==NULL) + return UNZ_PARAMERROR; + s=(unz_s*)file; + if (!s->current_file_ok) + return 0; + if (s->gi.number_entry != 0 && s->gi.number_entry != 0xffff) + if (s->num_file==s->gi.number_entry) + return 0; + return s->pos_in_central_dir; + } + + extern int ZEXPORT unzSetOffset (file, pos) + unzFile file; + uLong pos; + { + unz_s* s; + int err; + + if (file==NULL) + return UNZ_PARAMERROR; + s=(unz_s*)file; + + s->pos_in_central_dir = pos; + s->num_file = s->gi.number_entry; /* hack */ + err = unzlocal_GetCurrentFileInfoInternal(file,&s->cur_file_info, + &s->cur_file_info_internal, + NULL,0,NULL,0,NULL,0); + s->current_file_ok = (err == UNZ_OK); + return err; } diff -c zl121/unzip.h zl121fixed/unzip.h *** zl121/unzip.h Wed Sep 10 11:00:15 2003 --- zl121fixed/unzip.h Sun May 16 13:17:12 2004 *************** *** 1,7 **** /* unzip.h -- IO for uncompress .zip files using zlib ! Version 1.00, September 10th, 2003 ! Copyright (C) 1998-2003 Gilles Vollant This unzip package allow extract file from .ZIP file, compatible with PKZip 2.04g WinZip, InfoZip tools and compatible. --- 1,7 ---- /* unzip.h -- IO for uncompress .zip files using zlib ! Version 1.01, May 8th, 2004 ! Copyright (C) 1998-2004 Gilles Vollant This unzip package allow extract file from .ZIP file, compatible with PKZip 2.04g WinZip, InfoZip tools and compatible. *************** *** 334,339 **** --- 334,349 ---- the return value is the number of bytes copied in buf, or (if <0) the error code */ + + /***************************************************************************/ + + /* Get the current file offset */ + extern uLong ZEXPORT unzGetOffset (unzFile file); + + /* Set the current file offset */ + extern int ZEXPORT unzSetOffset (unzFile file, uLong pos); + + #ifdef __cplusplus } diff -c zl121/zip.c zl121fixed/zip.c *** zl121/zip.c Wed Sep 10 11:00:17 2003 --- zl121fixed/zip.c Sun May 16 13:42:46 2004 *************** *** 1,7 **** /* zip.c -- IO on .zip files using zlib ! Version 1.00, September 10th, 2003 ! Copyright (C) 1998-2003 Gilles Vollant Read zip.h for more info */ --- 1,7 ---- /* zip.c -- IO on .zip files using zlib ! Version 1.01, May 8th, 2004 ! Copyright (C) 1998-2004 Gilles Vollant Read zip.h for more info */ *************** *** 77,83 **** #endif #endif const char zip_copyright[] = ! " zip 1.00 Copyright 1998-2003 Gilles Vollant - http://www.winimage.com/zLibDll"; #define SIZEDATA_INDATABLOCK (4096-(4*4)) --- 77,83 ---- #endif #endif const char zip_copyright[] = ! " zip 1.01 Copyright 1998-2004 Gilles Vollant - http://www.winimage.com/zLibDll"; #define SIZEDATA_INDATABLOCK (4096-(4*4)) *************** *** 265,274 **** { unsigned char buf[4]; int n; ! for (n = 0; n < nbByte; n++) { buf[n] = (unsigned char)(x & 0xff); x >>= 8; } if (ZWRITE(*pzlib_filefunc_def,filestream,buf,nbByte)!=(uLong)nbByte) return ZIP_ERRNO; else --- 265,283 ---- { unsigned char buf[4]; int n; ! for (n = 0; n < nbByte; n++) ! { buf[n] = (unsigned char)(x & 0xff); x >>= 8; } + if (x != 0) + { /* data overflow - hack for ZIP64 (X Roche) */ + for (n = 0; n < nbByte; n++) + { + buf[n] = 0xff; + } + } + if (ZWRITE(*pzlib_filefunc_def,filestream,buf,nbByte)!=(uLong)nbByte) return ZIP_ERRNO; else *************** *** 287,293 **** --- 296,311 ---- buf[n] = (unsigned char)(x & 0xff); x >>= 8; } + + if (x != 0) + { /* data overflow - hack for ZIP64 */ + for (n = 0; n < nbByte; n++) + { + buf[n] = 0xff; + } + } } + /****************************************************************************/ diff -c zl121/zip.h zl121fixed/zip.h *** zl121/zip.h Wed Sep 10 11:00:17 2003 --- zl121fixed/zip.h Sun May 16 13:43:40 2004 *************** *** 1,7 **** /* zip.h -- IO for compress .zip files using zlib ! Version 1.00, September 10th, 2003 ! Copyright (C) 1998-2003 Gilles Vollant This unzip package allow creates .ZIP file, compatible with PKZip 2.04g WinZip, InfoZip tools and compatible. --- 1,7 ---- /* zip.h -- IO for compress .zip files using zlib ! Version 1.01, May 8th, 2004 ! Copyright (C) 1998-2004 Gilles Vollant This unzip package allow creates .ZIP file, compatible with PKZip 2.04g WinZip, InfoZip tools and compatible. *************** *** 211,217 **** /* Close the current file in the zipfile */ - extern int ZEXPORT zipCloseFileInZipRaw OF((zipFile file, uLong uncompressed_size, --- 211,216 ----