[Zlib-devel] Minizip decrypt bug
Nathan Moinvaziri
nathan at nathanm.com
Thu Dec 20 16:10:10 EST 2012
I believe I've found a bug in minizip contrib that is part of zlib. It is in unzip.c in unzOpenCurrentFile3 when it goes to read the first 12 bytes of a password protected zip file.

    if(ZREAD64(s->z_filefunc, s->filestream,source, 12)<12)
        return UNZ_INTERNALERROR;
    for (i = 0; i<12; i++)
        zdecode(s->keys,s->pcrc_32_tab,source[i]);
    s->pfile_in_zip_read->pos_in_zipfile+=12;

It should actually be compensating for those 12 bytes when it goes to read the content, so adding:

    pfile_in_zip_read_info->rest_read_compressed -= 12;

after

    s->pfile_in_zip_read->pos_in_zipfile+=12;

will fix it. Without that statement it will attempt to over-read by 12 bytes.

https://github.com/nmoinvaz/minizip/commit/8628204eaf4f4bfcd1f908368b33a469a650044b
Thanks,
Nathan
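
Added example, not part of the original message and not minizip code: a simplified C model of the byte accounting described above, showing that a reader which skips the 12-byte encryption header without reducing the remaining compressed count consumes 12 bytes beyond the entry. The struct, the function names and the 60-byte buffer are constructed for illustration; only the two field names are taken from the message.

```c
#include <stddef.h>
#include <string.h>
#define ENC_HEADER_LEN 12 /* traditional ZIP encryption header */

/* Hypothetical, simplified stand-in for the per-entry read state. */
typedef struct {
    size_t pos_in_zipfile;       /* next archive offset to read */
    size_t rest_read_compressed; /* compressed bytes left to read */
} entry_reader;

/* Consume the 12-byte header; with compensate set, also subtract it from
 * the remaining count. Returns -1 if the entry cannot hold a header. */
static int open_entry(entry_reader *r, size_t data_off, size_t csize, int compensate)
{
    if (csize < ENC_HEADER_LEN)
        return -1;
    r->pos_in_zipfile = data_off + ENC_HEADER_LEN;
    r->rest_read_compressed = compensate ? csize - ENC_HEADER_LEN : csize;
    return 0;
}

/* Drain the entry; return bytes consumed beyond its data, -1 on error. */
static long bytes_past_entry(const unsigned char *zip, size_t zip_len,
                             size_t data_off, size_t csize, int compensate)
{
    unsigned char chunk[16];
    entry_reader r;
    size_t end = data_off + csize;
    if (end > zip_len || open_entry(&r, data_off, csize, compensate) != 0)
        return -1;
    while (r.rest_read_compressed > 0 && r.pos_in_zipfile < zip_len) {
        size_t n = r.rest_read_compressed;
        if (n > sizeof chunk) n = sizeof chunk;
        if (n > zip_len - r.pos_in_zipfile) n = zip_len - r.pos_in_zipfile;
        memcpy(chunk, zip + r.pos_in_zipfile, n);
        r.pos_in_zipfile += n;
        r.rest_read_compressed -= n;
    }
    return r.pos_in_zipfile > end ? (long)(r.pos_in_zipfile - end) : 0;
}

/* Constructed layout: 4 bytes, a 32-byte entry (12 header + 20 data),
 * then 24 bytes belonging to whatever follows the entry. */
static long demo(int compensate)
{
    unsigned char zip[4 + 32 + 24];
    memset(zip, 0xAA, sizeof zip);
    return bytes_past_entry(zip, sizeof zip, 4, 32, compensate);
}
```

Calling demo(0) models the reader without the added statement and demo(1) models it with the statement in place.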