It turns out that zlib defaults to just copying data verbatim if the input isn't in gzip format, rather than rejecting it. Explicitly add a check that zlib isn't doing that. (The toybox inflation path already errors out.)
Also add the missing test. --- tests/gzip.test | 3 +++ toys/lsb/gzip.c | 1 + 2 files changed, 4 insertions(+)
From 4a14e130add409ec3beb5534d24f3af7f3cd1751 Mon Sep 17 00:00:00 2001 From: Elliott Hughes <[email protected]> Date: Sun, 22 Dec 2019 19:18:29 -0800 Subject: [PATCH] gzip: reject non-gzip files in zlib path. It turns out that zlib defaults to just copying data verbatim if the input isn't in gzip format, rather than rejecting it. Explicitly add a check that zlib isn't doing that. (The toybox inflation path already errors out.) Also add the missing test. --- tests/gzip.test | 3 +++ toys/lsb/gzip.c | 1 + 2 files changed, 4 insertions(+) diff --git a/tests/gzip.test b/tests/gzip.test index 24bd01ed..b458307e 100644 --- a/tests/gzip.test +++ b/tests/gzip.test @@ -76,3 +76,6 @@ testing "permissions/times preservation" \ "gzip -k f1 && TZ=UTC stat -c '%a %Y' f1 && stat -c '%a %X %Y' f1.gz" \ "411 544413660\n411 252558240 544413660\n" "" "" rm -f f1 f1.gz + +testing "reject non-gzip" "gzip -dc $FILES/blkid/msdos.bz2 2>/dev/null || + echo rejected" "rejected\n" "" "" diff --git a/toys/lsb/gzip.c b/toys/lsb/gzip.c index 3038495e..049285af 100644 --- a/toys/lsb/gzip.c +++ b/toys/lsb/gzip.c @@ -78,6 +78,7 @@ static int do_deflate(int in_fd, int out_fd, int dd, int level) } if (!(gz = gzdopen(dd ? in_fd : out_fd, b))) perror_exit("gzdopen"); if (dd) { + if (gzdirect(gz)) error_exit("not gzip"); while ((len = gzread(gz, toybuf, sizeof(toybuf))) > 0) if (len != writeall(out_fd, toybuf, len)) break; } else { -- 2.24.1.735.g03f4e72817-goog
_______________________________________________ Toybox mailing list [email protected] http://lists.landley.net/listinfo.cgi/toybox-landley.net
