
Side by Side Diff: chrome/common/safe_browsing/zip_analyzer.cc

Issue 1028243002: Validate that zip entry filenames are UTF8. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: simple validation Created 5 years, 9 months ago
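--- a/chrome/common/safe_browsing/zip_analyzer.cc
+++ b/chrome/common/safe_browsing/zip_analyzer.cc
@@ -1,16 +1,17 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/common/safe_browsing/zip_analyzer.h"
 
+#include "base/i18n/streaming_utf8_validator.h"
 #include "base/logging.h"
 #include "base/macros.h"
 #include "chrome/common/safe_browsing/binary_feature_extractor.h"
 #include "chrome/common/safe_browsing/csd.pb.h"
 #include "chrome/common/safe_browsing/download_protection_util.h"
 #include "chrome/common/safe_browsing/zip_analyzer_results.h"
 #include "crypto/secure_hash.h"
 #include "crypto/sha2.h"
 #include "third_party/zlib/google/zip_reader.h"
 
@@ -51,21 +52,23 @@
 void HashingFileWriter::ComputeDigest(uint8_t* digest, size_t digest_length) {
 sha256_->Finish(digest, digest_length);
 }
 
 void AnalyzeContainedFile(
 const scoped_refptr<BinaryFeatureExtractor>& binary_feature_extractor,
 const base::FilePath& file_path,
 zip::ZipReader* reader,
 base::File* temp_file,
 ClientDownloadRequest_ArchivedBinary* archived_binary) {
-archived_binary->set_file_basename(file_path.BaseName().AsUTF8Unsafe());
+std::string file_basename(file_path.BaseName().AsUTF8Unsafe());
+if (base::StreamingUtf8Validator::Validate(file_basename))
+archived_binary->set_file_basename(file_basename);
 archived_binary->set_download_type(
 download_protection_util::GetDownloadType(file_path));
 archived_binary->set_length(reader->current_entry_info()->original_size());
 HashingFileWriter writer(temp_file);
 if (reader->ExtractCurrentEntry(&writer)) {
 uint8_t digest[crypto::kSHA256Length];
 writer.ComputeDigest(&digest[0], arraysize(digest));
 archived_binary->mutable_digests()->set_sha256(&digest[0],
 arraysize(digest));
 if (!binary_feature_extractor->ExtractImageHeadersFromFile(
@@ -114,10 +117,10 @@
 }
 } else {
 DVLOG(3) << "Ignoring non-binary file: " << file.value();
 }
 }
 results->success = true;
 }
 
 } // namespace zip_analyzer
 } // namespace safe_browsing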
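Review bot: When `base::StreamingUtf8Validator::Validate(file_basename)` fails at new line 63, the entry is still reported with its download type, length and digest but with no `file_basename`, and nothing records that a name was discarded. Entry names come from the archive being scanned, so a malformed name silently removes one signal from the report; consider adding an `else` branch such as `DVLOG(1) << "Dropping non-UTF-8 basename for zip entry";`, or setting a placeholder value if the consumer of the report expects the field to be present. A short comment above the check stating why validation is needed (presumably the protobuf string field requires valid UTF-8) and a unit test with a non-UTF-8 entry name would make the intent checkable. The body of AnalyzeContainedFile continues outside the visible lines.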