From b4fa875dc24950680c386e4b1c593660ce4f7839 Mon Sep 17 00:00:00 2001 From: Martin Stefanko Date: Sun, 1 Oct 2023 23:06:24 +0200 Subject: [PATCH] Fix a bug where xlen larger than 0x7fff was rejected (#1334) Backported from 81bce1a30af244550b0324597720e4799281da7b --- okio/src/main/java/okio/GzipSource.java | 2 +- okio/src/test/java/okio/GzipSourceTest.java | 16 +++++++++++++++- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/okio/src/main/java/okio/GzipSource.java b/okio/src/main/java/okio/GzipSource.java index 1ef6cb4963..dfe1a74aee 100644 --- a/okio/src/main/java/okio/GzipSource.java +++ b/okio/src/main/java/okio/GzipSource.java @@ -127,7 +127,7 @@ private void consumeHeader() throws IOException { if (((flags >> FEXTRA) & 1) == 1) { source.require(2); if (fhcrc) updateCrc(source.buffer(), 0, 2); - int xlen = source.buffer().readShortLe(); + int xlen = source.buffer().readShortLe() & 0xffff; source.require(xlen); if (fhcrc) updateCrc(source.buffer(), 0, xlen); source.skip(xlen); diff --git a/okio/src/test/java/okio/GzipSourceTest.java b/okio/src/test/java/okio/GzipSourceTest.java index e3574c0c47..f4ae369a71 100644 --- a/okio/src/test/java/okio/GzipSourceTest.java +++ b/okio/src/test/java/okio/GzipSourceTest.java @@ -15,9 +15,11 @@ */ package okio; +import org.junit.Test; + +import java.io.ByteArrayOutputStream; import java.io.IOException; import java.util.zip.CRC32; -import org.junit.Test; import static okio.Util.UTF_8; import static org.junit.Assert.assertEquals; @@ -182,6 +184,18 @@ private void assertGzipped(Buffer gzipped) throws IOException { } } + @Test public void extraLongXlen() throws Exception { + int xlen = 0xffff; + Buffer gzippedSource = new Buffer() + .write(gzipHeaderWithFlags((byte) 0x04)); + gzippedSource.writeShort((short) xlen); + gzippedSource.write(new byte[xlen]); + gzippedSource.write(ByteString.decodeHex("f3c8540400dac59e7903000000")); + + Buffer gunzipped = gunzip(gzippedSource); + assertEquals("Hi!", gunzipped.readUtf8()); + } + private ByteString gzipHeaderWithFlags(byte flags) { byte[] result = gzipHeader.toByteArray(); result[3] = flags;