From cd7a01c34fc4304ef8161ee617568f274ace5d24 Mon Sep 17 00:00:00 2001
From: Mounir IDRASSI <mounir.idrassi@idrix.fr>
Date: Sun, 18 Mar 2018 23:13:40 +0100
Subject: Windows: Update libzip to version 1.5.0 that include fixes for some
 security issues.

---
 src/Common/libzip/zip_source_zip_new.c | 99 +++++++++++++++++-----------------
 1 file changed, 49 insertions(+), 50 deletions(-)

(limited to 'src/Common/libzip/zip_source_zip_new.c')

diff --git a/src/Common/libzip/zip_source_zip_new.c b/src/Common/libzip/zip_source_zip_new.c
index 92562558..a5cfee3a 100644
--- a/src/Common/libzip/zip_source_zip_new.c
+++ b/src/Common/libzip/zip_source_zip_new.c
@@ -1,6 +1,6 @@
 /*
   zip_source_zip_new.c -- prepare data structures for zip_fopen/zip_source_zip
-  Copyright (C) 2012-2016 Dieter Baron and Thomas Klausner
+  Copyright (C) 2012-2017 Dieter Baron and Thomas Klausner
 
   This file is part of libzip, a library to manipulate ZIP archives.
   The authors can be contacted at <libzip@nih.at>
@@ -17,7 +17,7 @@
   3. The names of the authors may not be used to endorse or promote
      products derived from this software without specific prior
      written permission.
- 
+
   THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS
   OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
   WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -38,13 +38,10 @@
 
 
 zip_source_t *
-_zip_source_zip_new(zip_t *za, zip_t *srcza, zip_uint64_t srcidx, zip_flags_t flags, zip_uint64_t start, zip_uint64_t len, const char *password)
-{
-    zip_compression_implementation comp_impl;
-    zip_encryption_implementation enc_impl;
+_zip_source_zip_new(zip_t *za, zip_t *srcza, zip_uint64_t srcidx, zip_flags_t flags, zip_uint64_t start, zip_uint64_t len, const char *password) {
     zip_source_t *src, *s2;
-    zip_uint64_t offset;
     struct zip_stat st;
+    bool partial_data, needs_crc, needs_decrypt, needs_decompress;
 
     if (za == NULL)
 	return NULL;
@@ -54,13 +51,12 @@ _zip_source_zip_new(zip_t *za, zip_t *srcza, zip_uint64_t srcidx, zip_flags_t fl
 	return NULL;
     }
 
-    if ((flags & ZIP_FL_UNCHANGED) == 0
-	&& (ZIP_ENTRY_DATA_CHANGED(srcza->entry+srcidx) || srcza->entry[srcidx].deleted)) {
+    if ((flags & ZIP_FL_UNCHANGED) == 0 && (ZIP_ENTRY_DATA_CHANGED(srcza->entry + srcidx) || srcza->entry[srcidx].deleted)) {
 	zip_error_set(&za->error, ZIP_ER_CHANGED, 0);
 	return NULL;
     }
 
-    if (zip_stat_index(srcza, srcidx, flags|ZIP_FL_UNCHANGED, &st) < 0) {
+    if (zip_stat_index(srcza, srcidx, flags | ZIP_FL_UNCHANGED, &st) < 0) {
 	zip_error_set(&za->error, ZIP_ER_INTERNAL, 0);
 	return NULL;
     }
@@ -74,70 +70,74 @@ _zip_source_zip_new(zip_t *za, zip_t *srcza, zip_uint64_t srcidx, zip_flags_t fl
     }
 
     /* overflow or past end of file */
-    if ((start > 0 || len > 0) && (start+len < start || start+len > st.size)) {
+    if ((start > 0 || len > 0) && (start + len < start || start + len > st.size)) {
 	zip_error_set(&za->error, ZIP_ER_INVAL, 0);
 	return NULL;
     }
 
-    enc_impl = NULL;
-    if (((flags & ZIP_FL_ENCRYPTED) == 0) && (st.encryption_method != ZIP_EM_NONE)) {
-        if (password == NULL) {
-            password = za->default_password;
-        }
+    if (len == 0) {
+	len = st.size - start;
+    }
+
+    partial_data = len < st.size;
+    needs_decrypt = ((flags & ZIP_FL_ENCRYPTED) == 0) && (st.encryption_method != ZIP_EM_NONE);
+    needs_decompress = ((flags & ZIP_FL_COMPRESSED) == 0) && (st.comp_method != ZIP_CM_STORE);
+    /* when reading the whole file, check for CRC errors */
+    needs_crc = ((flags & ZIP_FL_COMPRESSED) == 0 || st.comp_method == ZIP_CM_STORE) && !partial_data;
+
+    if (needs_decrypt) {
 	if (password == NULL) {
-	    zip_error_set(&za->error, ZIP_ER_NOPASSWD, 0);
-	    return NULL;
+	    password = za->default_password;
 	}
-	if ((enc_impl=_zip_get_encryption_implementation(st.encryption_method, ZIP_CODEC_DECODE)) == NULL) {
-	    zip_error_set(&za->error, ZIP_ER_ENCRNOTSUPP, 0);
+	if (password == NULL) {
+	    zip_error_set(&za->error, ZIP_ER_NOPASSWD, 0);
 	    return NULL;
 	}
     }
 
-    comp_impl = NULL;
-    if ((flags & ZIP_FL_COMPRESSED) == 0) {
-	if (st.comp_method != ZIP_CM_STORE) {
-	    if ((comp_impl=_zip_get_compression_implementation(st.comp_method, ZIP_CODEC_DECODE)) == NULL) {
-		zip_error_set(&za->error, ZIP_ER_COMPNOTSUPP, 0);
-		return NULL;
-	    }
-	}
-    }
-
-    if ((offset=_zip_file_get_offset(srcza, srcidx, &za->error)) == 0)
-	return NULL;
-
     if (st.comp_size == 0) {
 	return zip_source_buffer(za, NULL, 0, 0);
     }
 
-    if (start+len > 0 && enc_impl == NULL && comp_impl == NULL) {
+    if (partial_data && !needs_decrypt && !needs_decompress) {
 	struct zip_stat st2;
-	
-	st2.size = len ? len : st.size-start;
-	st2.comp_size = st2.size;
+
+	st2.size = len;
+	st2.comp_size = len;
 	st2.comp_method = ZIP_CM_STORE;
 	st2.mtime = st.mtime;
-	st2.valid = ZIP_STAT_SIZE|ZIP_STAT_COMP_SIZE|ZIP_STAT_COMP_METHOD|ZIP_STAT_MTIME;
-	
-	if ((src = _zip_source_window_new(srcza->src, offset+start, st2.size, &st2, &za->error)) == NULL) {
+	st2.valid = ZIP_STAT_SIZE | ZIP_STAT_COMP_SIZE | ZIP_STAT_COMP_METHOD | ZIP_STAT_MTIME;
+
+	if ((src = _zip_source_window_new(srcza->src, start, len, &st2, 0, srcza, srcidx, &za->error)) == NULL) {
 	    return NULL;
 	}
     }
     else {
-	if ((src = _zip_source_window_new(srcza->src, offset, st.comp_size, &st, &za->error)) == NULL) {
+	zip_dirent_t *de;
+
+	if ((de = _zip_get_dirent(srcza, srcidx, flags, &za->error)) == NULL) {
+	    return NULL;
+	}
+	if ((src = _zip_source_window_new(srcza->src, 0, st.comp_size, &st, (de->bitflags >> 1) & 3, srcza, srcidx, &za->error)) == NULL) {
 	    return NULL;
 	}
     }
-	
+
     if (_zip_source_set_source_archive(src, srcza) < 0) {
 	zip_source_free(src);
 	return NULL;
     }
 
     /* creating a layered source calls zip_keep() on the lower layer, so we free it */
-	
-    if (enc_impl) {
+
+    if (needs_decrypt) {
+	zip_encryption_implementation enc_impl;
+
+	if ((enc_impl = _zip_get_encryption_implementation(st.encryption_method, ZIP_CODEC_DECODE)) == NULL) {
+	    zip_error_set(&za->error, ZIP_ER_ENCRNOTSUPP, 0);
+	    return NULL;
+	}
+
 	s2 = enc_impl(za, src, st.encryption_method, 0, password);
 	zip_source_free(src);
 	if (s2 == NULL) {
@@ -145,16 +145,15 @@ _zip_source_zip_new(zip_t *za, zip_t *srcza, zip_uint64_t srcidx, zip_flags_t fl
 	}
 	src = s2;
     }
-    if (comp_impl) {
-	s2 = comp_impl(za, src, st.comp_method, 0);
+    if (needs_decompress) {
+	s2 = zip_source_decompress(za, src, st.comp_method);
 	zip_source_free(src);
 	if (s2 == NULL) {
 	    return NULL;
 	}
 	src = s2;
     }
-    if (((flags & ZIP_FL_COMPRESSED) == 0 || st.comp_method == ZIP_CM_STORE) && (len == 0 || len == st.comp_size)) {
-	/* when reading the whole file, check for CRC errors */
+    if (needs_crc) {
 	s2 = zip_source_crc(za, src, 1);
 	zip_source_free(src);
 	if (s2 == NULL) {
@@ -163,8 +162,8 @@ _zip_source_zip_new(zip_t *za, zip_t *srcza, zip_uint64_t srcidx, zip_flags_t fl
 	src = s2;
     }
 
-    if (start+len > 0 && (comp_impl || enc_impl)) {
-	s2 = zip_source_window(za, src, start, len ? len : st.size-start);
+    if (partial_data && (needs_decrypt || needs_decompress)) {
+	s2 = zip_source_window(za, src, start, len);
 	zip_source_free(src);
 	if (s2 == NULL) {
 	    return NULL;
-- 
cgit v1.2.3