From 57a4545fdff6710782497601cd2223b4d3026afc Mon Sep 17 00:00:00 2001 From: fickleheart Date: Fri, 7 Feb 2020 00:01:20 -0600 Subject: [PATCH 1/5] PK3: Proper ignorance for file comments/extra data --- src/w_wad.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/src/w_wad.c b/src/w_wad.c index 1df2eacc7..00bdb7183 100644 --- a/src/w_wad.c +++ b/src/w_wad.c @@ -580,7 +580,7 @@ static lumpinfo_t* ResGetLumpsZip (FILE* handle, UINT16* nlmp) return NULL; } - lump_p->position = zentry->offset + zentry->namelen + zentry->xtralen + sizeof(zlentry_t); + lump_p->position = zentry->offset + zentry->namelen + sizeof(zlentry_t); lump_p->disksize = zentry->compsize; lump_p->size = zentry->size; @@ -629,6 +629,15 @@ static lumpinfo_t* ResGetLumpsZip (FILE* handle, UINT16* nlmp) lump_p->compression = CM_UNSUPPORTED; break; } + + // skip and ignore comments/extra fields + if (fseek(handle, zentry->xtralen + zentry->commlen, SEEK_CUR) != 0) + { + CONS_Alert(CONS_ERROR, "Central directory %d is corrupt (%02x%02x%02x%02x)\n", i, zentry->signature[0], zentry->signature[1], zentry->signature[2], zentry->signature[3]); + Z_Free(lumpinfo); + free(zentries); + return NULL; + } } free(zentries); From 8cb9d6f670c1982171f41d0a4ec715a6cd918c0c Mon Sep 17 00:00:00 2001 From: fickleheart Date: Fri, 7 Feb 2020 00:04:02 -0600 Subject: [PATCH 2/5] Uhhh do VerifyPk3 too --- src/w_wad.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/w_wad.c b/src/w_wad.c index 00bdb7183..9f36e5d2a 100644 --- a/src/w_wad.c +++ b/src/w_wad.c @@ -1819,6 +1819,10 @@ W_VerifyPK3 (FILE *fp, lumpchecklist_t *checklist, boolean status) } free(fullname); + + // skip and ignore comments/extra fields + if (fseek(fp, zentry->xtralen + zentry->commlen, SEEK_CUR) != 0) + return true; } return true; From f7cf8e50f86824084307a71a6d3f146707e921ae Mon Sep 17 00:00:00 2001 
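Review bot: The `fseek(handle, zentry->xtralen + zentry->commlen, SEEK_CUR) != 0` check added to ResGetLumpsZip in the `-629,6 +629,15` hunk will rarely fire on a truncated or malformed archive, because seeking past end-of-file on a regular file normally succeeds. Both lengths come straight from the file, so an overlong value is only noticed when the next entry's read or signature comparison fails, which happens outside this hunk. A comment should say so, for example `// lengths are untrusted; a seek past EOF still succeeds, the next entry's read/signature check is what rejects a bad directory`. The same applies to the fseek added to W_VerifyPK3 in patch 2/5. The function body starts and ends outside the hunk.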
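Review bot: On a failed seek the new branch in W_VerifyPK3 returns `true`, the same value as the normal exit right after the loop, so a caller cannot tell an archive whose central directory could not be walked from one that was checked to the end. What `true` means is not visible in this hunk. If it means the file passed verification, a damaged directory should fail closed here (`return false;`). If not, the branch deserves a one-line comment stating why an unreadable directory is reported with the same result as a clean one. The loop and the rest of the function lie outside the hunk.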
From: fickleheart Date: Fri, 7 Feb 2020 18:43:20 -0600 Subject: [PATCH 3/5] Oops --- src/w_wad.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/w_wad.c b/src/w_wad.c index 9f36e5d2a..3e8502b5e 100644 --- a/src/w_wad.c +++ b/src/w_wad.c @@ -633,7 +633,7 @@ static lumpinfo_t* ResGetLumpsZip (FILE* handle, UINT16* nlmp) // skip and ignore comments/extra fields if (fseek(handle, zentry->xtralen + zentry->commlen, SEEK_CUR) != 0) { - CONS_Alert(CONS_ERROR, "Central directory %d is corrupt (%02x%02x%02x%02x)\n", i, zentry->signature[0], zentry->signature[1], zentry->signature[2], zentry->signature[3]); + CONS_Alert(CONS_ERROR, "Central directory is corrupt\n"); Z_Free(lumpinfo); free(zentries); return NULL; @@ -1821,7 +1821,7 @@ W_VerifyPK3 (FILE *fp, lumpchecklist_t *checklist, boolean status) free(fullname); // skip and ignore comments/extra fields - if (fseek(fp, zentry->xtralen + zentry->commlen, SEEK_CUR) != 0) + if (fseek(fp, zentry.xtralen + zentry.commlen, SEEK_CUR) != 0) return true; } From ee9aa86ecd8ffdbcd7913193a02365e5a536df84 Mon Sep 17 00:00:00 2001 From: fickleheart Date: Fri, 7 Feb 2020 18:46:46 -0600 Subject: [PATCH 4/5] Use the proper numbers to adjust lump's offset position --- src/w_wad.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/src/w_wad.c b/src/w_wad.c index 3e8502b5e..874b99cc7 100644 --- a/src/w_wad.c +++ b/src/w_wad.c @@ -529,6 +529,7 @@ static lumpinfo_t* ResGetLumpsZip (FILE* handle, UINT16* nlmp) zend_t zend; zentry_t* zentries; zentry_t* zentry; + zlentry_t zlentry; UINT16 numlumps = *nlmp; lumpinfo_t* lumpinfo; @@ -580,7 +581,7 @@ static lumpinfo_t* ResGetLumpsZip (FILE* handle, UINT16* nlmp) return NULL; } - lump_p->position = zentry->offset + zentry->namelen + sizeof(zlentry_t); + lump_p->position = zentry->offset; // NOT ACCURATE YET: we still need to read the local entry to find our true position lump_p->disksize = zentry->compsize; lump_p->size = zentry->size; 
@@ -642,6 +643,20 @@ static lumpinfo_t* ResGetLumpsZip (FILE* handle, UINT16* nlmp) free(zentries); + // Adjust lump position values properly + for (i = 0, lump_p = lumpinfo; i < numlumps; i++, lump_p++) + { + // skip and ignore comments/extra fields + if ((fseek(handle, lump_p->position, SEEK_SET) != 0) || (fread(&zlentry, 1, sizeof(zlentry_t), handle) < sizeof(zlentry_t))) + { + CONS_Alert(CONS_ERROR, "Local headers for lump %s are corrupt\n", lump_p->name2); + Z_Free(lumpinfo); + return NULL; + } + + lump_p->position += sizeof(zlentry_t) + zlentry.namelen + zlentry.xtralen; + } + *nlmp = numlumps; return lumpinfo; } From fb7c4ab812a26ec3b1007cd5adbd9c300061cf38 Mon Sep 17 00:00:00 2001 From: fickleheart Date: Fri, 7 Feb 2020 18:47:56 -0600 Subject: [PATCH 5/5] zentries is unnecessary --- src/w_wad.c | 34 +++++++++++++--------------------- 1 file changed, 13 insertions(+), 21 deletions(-) diff --git a/src/w_wad.c b/src/w_wad.c index 874b99cc7..9137c477f 100644 --- a/src/w_wad.c +++ b/src/w_wad.c @@ -527,8 +527,7 @@ typedef struct zlentry_s static lumpinfo_t* ResGetLumpsZip (FILE* handle, UINT16* nlmp) { zend_t zend; - zentry_t* zentries; - zentry_t* zentry; + zentry_t zentry; zlentry_t zlentry; UINT16 numlumps = *nlmp; 
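Review bot: The second loop added to ResGetLumpsZip trusts whatever bytes sit at `lump_p->position`: it reads a `zlentry_t` and adds `zlentry.namelen + zlentry.xtralen` without checking the local header's signature, unlike the central-directory loop, which compares against `pat_central`. A wrong or hostile central-directory offset therefore yields an arbitrary data position rather than the "Local headers ... are corrupt" error. The loop should compare the signature field of `zlentry` with the local-header magic before using the lengths (neither the field nor a constant for it is visible in this hunk). Ideally it would also check that the resulting position plus `disksize` stays inside the file. The `// skip and ignore comments/extra fields` comment was copied from the first loop and does not describe this one; `// read the local file header to find where the lump data really starts` would fit.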
@@ -557,40 +556,36 @@ static lumpinfo_t* ResGetLumpsZip (FILE* handle, UINT16* nlmp) numlumps = zend.entries; lump_p = lumpinfo = Z_Malloc(numlumps * sizeof (*lumpinfo), PU_STATIC, NULL); - zentry = zentries = malloc(numlumps * sizeof (*zentries)); fseek(handle, zend.cdiroffset, SEEK_SET); - for (i = 0; i < numlumps; i++, zentry++, lump_p++) + for (i = 0; i < numlumps; i++, lump_p++) { char* fullname; char* trimname; char* dotpos; - if (fread(zentry, 1, sizeof(zentry_t), handle) < sizeof(zentry_t)) + if (fread(&zentry, 1, sizeof(zentry_t), handle) < sizeof(zentry_t)) { CONS_Alert(CONS_ERROR, "Failed to read central directory (%s)\n", M_FileError(handle)); Z_Free(lumpinfo); - free(zentries); return NULL; } - if (memcmp(zentry->signature, pat_central, 4)) + if (memcmp(zentry.signature, pat_central, 4)) { CONS_Alert(CONS_ERROR, "Central directory is corrupt\n"); Z_Free(lumpinfo); - free(zentries); return NULL; } - lump_p->position = zentry->offset; // NOT ACCURATE YET: we still need to read the local entry to find our true position - lump_p->disksize = zentry->compsize; - lump_p->size = zentry->size; + lump_p->position = zentry.offset; // NOT ACCURATE YET: we still need to read the local entry to find our true position + lump_p->disksize = zentry.compsize; + lump_p->size = zentry.size; - fullname = malloc(zentry->namelen + 1); - if (fgets(fullname, zentry->namelen + 1, handle) != fullname) + fullname = malloc(zentry.namelen + 1); + if (fgets(fullname, zentry.namelen + 1, handle) != fullname) { CONS_Alert(CONS_ERROR, "Unable to read lumpname (%s)\n", M_FileError(handle)); Z_Free(lumpinfo); - free(zentries); free(fullname); return NULL; } 
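Review bot: The entry name is read with `fgets(fullname, zentry.namelen + 1, handle)`, which stops at the first newline byte. A stored name containing 0x0A leaves the stream in the middle of the name, so the later relative seek over the extra/comment fields starts from the wrong place. The `malloc` result is also handed to `fgets` unchecked. Reading the exact length avoids both: `if (!fullname || fread(fullname, 1, zentry.namelen, handle) < zentry.namelen)` followed by `fullname[zentry.namelen] = '\0';` on the success path. The return value of `fseek(handle, zend.cdiroffset, SEEK_SET);` just above the loop is ignored as well, although that offset also comes from the file. The function starts and ends outside the hunk.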
@@ -607,12 +602,12 @@ static lumpinfo_t* ResGetLumpsZip (FILE* handle, UINT16* nlmp) memset(lump_p->name, '\0', 9); // Making sure they're initialized to 0. Is it necessary? strncpy(lump_p->name, trimname, min(8, dotpos - trimname)); - lump_p->name2 = Z_Calloc(zentry->namelen + 1, PU_STATIC, NULL); - strncpy(lump_p->name2, fullname, zentry->namelen); + lump_p->name2 = Z_Calloc(zentry.namelen + 1, PU_STATIC, NULL); + strncpy(lump_p->name2, fullname, zentry.namelen); free(fullname); - switch(zentry->compression) + switch(zentry.compression) { case 0: lump_p->compression = CM_NOCOMPRESSION; @@ -632,17 +627,14 @@ static lumpinfo_t* ResGetLumpsZip (FILE* handle, UINT16* nlmp) } // skip and ignore comments/extra fields - if (fseek(handle, zentry->xtralen + zentry->commlen, SEEK_CUR) != 0) + if (fseek(handle, zentry.xtralen + zentry.commlen, SEEK_CUR) != 0) { CONS_Alert(CONS_ERROR, "Central directory is corrupt\n"); Z_Free(lumpinfo); - free(zentries); return NULL; } } - free(zentries); - // Adjust lump position values properly for (i = 0, lump_p = lumpinfo; i < numlumps; i++, lump_p++) {
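Review bot: The seek-failure branch in the `-632,17 +627,14` hunk releases `lumpinfo` with `Z_Free` but not the `name2` buffers that the preceding hunk allocates per entry with `Z_Calloc(zentry.namelen + 1, PU_STATIC, NULL)`. Each rejected archive therefore appears to leak one block for every entry parsed so far. The branch should walk from `lumpinfo` up to and including the current `lump_p`, calling `Z_Free` on each `name2`, before freeing `lumpinfo`. The other early returns in this loop and the local-header loop from patch 4/5 need the same cleanup, so a small static helper would keep them consistent. Whether the zone allocator reclaims these blocks some other way is not visible here, so confirm against `Z_Free`'s contract.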