svn commit: trunk/busybox/archival

[pgf at busybox.net]

Author: pgf
Date: 2007-11-05 15:09:03 -0800 (Mon, 05 Nov 2007)
New Revision: 20369

Log:
change safety check on zip header to allow for extra length, and
revert the header read to use the correct constant rather than
sizeof.  at least one version of gcc (armv4-linux-gcc-3.4.1) pads
the struct to 28 bytes in spite of the packing. 


Modified:
   trunk/busybox/archival/unzip.c


Changeset:
Modified: trunk/busybox/archival/unzip.c
===================================================================
--- trunk/busybox/archival/unzip.c	2007-11-05 19:33:38 UTC (rev 20368)
+++ trunk/busybox/archival/unzip.c	2007-11-05 23:09:03 UTC (rev 20369)
@@ -41,8 +41,10 @@
 #endif
 };
 
+#define ZIP_HEADER_LEN 26
+
 typedef union {
-	uint8_t raw[26];
+	uint8_t raw[ZIP_HEADER_LEN];
 	struct {
 		uint16_t version;                       /* 0-1 */
 		uint16_t flags;                         /* 2-3 */
@@ -57,8 +59,14 @@
 	} formatted ATTRIBUTE_PACKED;
 } zip_header_t;
 
+/* Check the offset of the last element, not the length.  This leniency
+ * allows for poor packing, whereby the overall struct may be too long,
+ * even though the elements are all in the right place.
+ */
 struct BUG_zip_header_must_be_26_bytes {
-	char BUG_zip_header_must_be_26_bytes[sizeof(zip_header_t) == 26 ? 1 : -1];
+	char BUG_zip_header_must_be_26_bytes[
+		offsetof(zip_header_t, formatted.extra_len) + 2 ==
+	    		ZIP_HEADER_LEN ? 1 : -1];
 };
 
 #define FIX_ENDIANNESS(zip_header) do { \
@@ -256,7 +264,7 @@
 			bb_error_msg_and_die("invalid zip magic %08X", magic);
 
 		/* Read the file header */
-		xread(src_fd, zip_header.raw, sizeof(zip_header));
+		xread(src_fd, zip_header.raw, ZIP_HEADER_LEN);
 		FIX_ENDIANNESS(zip_header);
 		if ((zip_header.formatted.method != 0) && (zip_header.formatted.method != 8)) {
 			bb_error_msg_and_die("unsupported method %d", zip_header.formatted.method);