chrome/common/safe_browsing/zip_analyzer.cc - Issue 1028243002: Validate that zip entry filenames are UTF8.

Unified Diff: chrome/common/safe_browsing/zip_analyzer.cc

Issue 1028243002: Validate that zip entry filenames are UTF8. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 5 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

Index: chrome/common/safe_browsing/zip_analyzer.cc

diff --git a/chrome/common/safe_browsing/zip_analyzer.cc b/chrome/common/safe_browsing/zip_analyzer.cc

index 6f1d5e261fc663c387f8e7f229efd6ef3bc107ad..26eccf95e743813a9d8cfb6829a2ec5d63363aec 100644

--- a/chrome/common/safe_browsing/zip_analyzer.cc

+++ b/chrome/common/safe_browsing/zip_analyzer.cc

@@ -100,6 +100,11 @@ void AnalyzeZipFile(base::File zip_file,

DVLOG(1) << "Failed to open current entry in zip file";

continue;

}

+ if (reader.current_entry_info()->is_unsafe()) {

+ DVLOG(1) << "Found unsafe entry in zip file.";

+ results->has_unsafe_file = true;

+ continue;

+ }

const base::FilePath& file = reader.current_entry_info()->file_path();

grt (UTC plus 2) 2015/03/23 20:11:55 It seems to me that this file_path() member should

mattm 2015/03/23 23:04:13 Hm, not sure this is necessary. I assume invalid c

grt (UTC plus 2) 2015/03/24 18:55:23 The motivation for this is that the file_basename

if (download_protection_util::IsBinaryFile(file)) {

// Don't consider an archived archive to be executable, but record