Don't install APK files with unsupported General Purpose Bit Flag bits.

Bug: 8476102 (cherry picked from commit d0bd4c19) Change-Id: I03f19095ac4e6f8abcb61ba6c120227c2df1f2d1

Don't install APK files with unsupported General Purpose Bit Flag bits.
Bug: 8476102 (cherry picked from commit d0bd4c19) Change-Id: I03f19095ac4e6f8abcb61ba6c120227c2df1f2d1
6aed748d · William Luh · 757601b6 · 6aed748d · 6aed748d · 6aed748d
Commit 6aed748d authored 12 years ago by William Luh
3 changed files
--- a/luni/src/main/java/java/util/zip/ZipEntry.java
+++ b/luni/src/main/java/java/util/zip/ZipEntry.java
@@ -357,7 +357,13 @@ public class ZipEntry implements ZipConstants, Cloneable {
             throw new ZipException("Central Directory Entry not found");
        }

-        it.seek(10);
+        it.seek(8);
+        int gpbf = it.readShort();
+
+        if ((gpbf & ~ZipFile.GPBF_SUPPORTED_MASK) != 0) {
+            throw new ZipException("Invalid General Purpose Bit Flag: " + gpbf);
+        }
+
        compressionMethod = it.readShort();
        time = it.readShort();
        modDate = it.readShort();

--- a/luni/src/main/java/java/util/zip/ZipFile.java
+++ b/luni/src/main/java/java/util/zip/ZipFile.java
@@ -67,6 +67,12 @@ public class ZipFile implements ZipConstants {
     */
    static final int GPBF_UTF8_FLAG = 1 << 11;

+    /**
+     * Supported General Purpose Bit Flags Mask.
+     * Bit mask of supported GPBF bits.
+     */
+    static final int GPBF_SUPPORTED_MASK = GPBF_DATA_DESCRIPTOR_FLAG | GPBF_UTF8_FLAG;
+
    /**
     * Open zip file for reading.
     */
@@ -242,11 +248,19 @@ public class ZipFile implements ZipConstants {
        RandomAccessFile localRaf = raf;
        synchronized (localRaf) {
            // We don't know the entry data's start position. All we have is the
-            // position of the entry's local header. At position 28 we find the
-            // length of the extra data. In some cases this length differs from
-            // the one coming in the central header.
-            RAFStream rafStream = new RAFStream(localRaf, entry.localHeaderRelOffset + 28);
+            // position of the entry's local header. At position 6 we find the
+            // General Purpose Bit Flag.
+            // http://www.pkware.com/documents/casestudies/APPNOTE.TXT
+            RAFStream rafStream= new RAFStream(localRaf, entry.localHeaderRelOffset + 6);
            DataInputStream is = new DataInputStream(rafStream);
+            int gpbf = Short.reverseBytes(is.readShort());
+            if ((gpbf & ~ZipFile.GPBF_SUPPORTED_MASK) != 0) {
+                throw new ZipException("Invalid General Purpose Bit Flag: " + gpbf);
+            }
+
+            // At position 28 we find the length of the extra data. In some cases
+            // this length differs from the one coming in the central header.
+            is.skipBytes(20);
            int localExtraLenOrWhatever = Short.reverseBytes(is.readShort());
            is.close();


--- a/luni/src/main/java/java/util/zip/ZipInputStream.java
+++ b/luni/src/main/java/java/util/zip/ZipInputStream.java
@@ -237,6 +237,10 @@ public class ZipInputStream extends InflaterInputStream implements ZipConstants
            throw new ZipException("Cannot read local header version " + version);
        }
        int flags = peekShort(LOCFLG - LOCVER);
+        if ((flags & ~ZipFile.GPBF_SUPPORTED_MASK) != 0) {
+            throw new ZipException("Invalid General Purpose Bit Flag: " + flags);
+        }
+
        hasDD = ((flags & ZipFile.GPBF_DATA_DESCRIPTOR_FLAG) != 0);
        int ceLastModifiedTime = peekShort(LOCTIM - LOCVER);
        int ceLastModifiedDate = peekShort(LOCTIM - LOCVER + 2);