RFR: 8316141: Improve CEN header validation checking

Lance Andersen lancea at openjdk.org
Thu Nov 9 17:24:58 UTC 2023


On Wed, 8 Nov 2023 19:59:34 GMT, Lance Andersen <lancea at openjdk.org> wrote:

> Please review this PR which enhances the existing CEN header validation checking to ensure that the size of the CEN Header + name length + comment length + extra length does not exceed 65,535 bytes per the PKWare APP.NOTE 4.4.10, 4.4.11, & 4.4.12. Also check that the current CEN header will not exceed the length of the CEN array.
> 
> Mach 5 tiers 1-3 are clean with this change.

Thank you for the comments.  See my replies below.

Regarding your comment about checking whether or not to check if the combined length of the CEN header + name length + comment length + extra length > 65K bytes, I chose to add this given the strong wording, given this is a really old spec. That being said, I do not object to removing the validation if that is the overall preference.

                zerror("invalid CEN header (bad header size)");
            }

-------------

PR Review: https://git.openjdk.org/jdk/pull/16570#pullrequestreview-1723102540
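
The two checks described in the quoted PR summary, as an added Java example that is not part of the original message or the JDK's own code. The class, method and constant names are assumptions for illustration, as are the error messages other than "bad header size"; the sample headers are constructed.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.util.zip.ZipException;

// Added illustration; class and method names are hypothetical, not the JDK's.
public class CenHeaderCheck {
    static final int CENSIG = 0x02014b50;  // "PK\001\002", read little-endian
    static final int CENHDR = 46;          // fixed part of a CEN header
    static final int CENNAM = 28, CENEXT = 30, CENCOM = 32; // u2 length fields
    static final int MAX_ENTRY = 0xFFFF;   // 65,535-byte limit cited in the message

    /** Validates the CEN header at pos and returns the offset of the next one. */
    static int checkEntry(byte[] cen, int pos) throws ZipException {
        if (pos < 0 || pos > cen.length - CENHDR)
            throw new ZipException("invalid CEN header (truncated)");
        ByteBuffer b = ByteBuffer.wrap(cen).order(ByteOrder.LITTLE_ENDIAN);
        if (b.getInt(pos) != CENSIG)
            throw new ZipException("invalid CEN header (bad signature)");
        // Length fields are unsigned 16-bit; mask to avoid sign extension.
        int nlen = b.getShort(pos + CENNAM) & 0xFFFF;
        int elen = b.getShort(pos + CENEXT) & 0xFFFF;
        int clen = b.getShort(pos + CENCOM) & 0xFFFF;
        long size = (long) CENHDR + nlen + elen + clen;
        if (size > MAX_ENTRY)       // header + name + extra + comment over 65,535
            throw new ZipException("invalid CEN header (bad header size)");
        if (size > cen.length - pos) // entry would run past the CEN array
            throw new ZipException("invalid CEN header (exceeds CEN array)");
        return pos + (int) size;
    }

    // Constructed sample: a buffer holding one CEN header with the given lengths.
    static byte[] sample(int nlen, int elen, int clen, int total) {
        ByteBuffer b = ByteBuffer.allocate(total).order(ByteOrder.LITTLE_ENDIAN);
        b.putInt(0, CENSIG);
        b.putShort(CENNAM, (short) nlen);
        b.putShort(CENEXT, (short) elen);
        b.putShort(CENCOM, (short) clen);
        return b.array();
    }

    public static void main(String[] args) {
        // {nlen, elen, clen, buffer size}: valid, over 65,535, past end of array
        int[][] cases = { {5, 0, 0, 51}, {40000, 30000, 0, 70046}, {5, 100, 0, 60} };
        for (int[] c : cases) {
            try {
                System.out.println("ok, next at " + checkEntry(sample(c[0], c[1], c[2], c[3]), 0));
            } catch (ZipException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```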

