8316141: Improve CEN header validation checking

Reviewed-by: alanb

src/java.base/share/classes/java/util/zip/ZipFile.java

@@ -1222,16 +1222,17 @@ public class ZipFile implements ZipConstants, Closeable {
             int nlen = CENNAM(cen, pos);
             int elen = CENEXT(cen, pos);
             int clen = CENCOM(cen, pos);
-            if (entryPos + nlen > cen.length - ENDHDR) {
+            long headerSize = (long)CENHDR + nlen + clen + elen;
+            // CEN header size + name length + comment length + extra length
+            // should not exceed 65,535 bytes per the PKWare APP.NOTE
+            // 4.4.10, 4.4.11, & 4.4.12.  Also check that current CEN header will
+            // not exceed the length of the CEN array
+            if (headerSize > 0xFFFF || pos + headerSize > cen.length - ENDHDR) {
                 zerror("invalid CEN header (bad header size)");
             }
 
             if (elen > 0 && !DISABLE_ZIP64_EXTRA_VALIDATION) {
-                long extraStartingOffset = pos + CENHDR + nlen;
-                if ((int)extraStartingOffset != extraStartingOffset) {
-                    zerror("invalid CEN header (bad extra offset)");
-                }
-                checkExtraFields(pos, (int)extraStartingOffset, elen);
+                checkExtraFields(pos, entryPos + nlen, elen);
             } else if (elen == 0 && (CENSIZ(cen, pos) == ZIP64_MAGICVAL
                     || CENLEN(cen, pos) == ZIP64_MAGICVAL
                     || CENOFF(cen, pos) == ZIP64_MAGICVAL
@@ -1292,7 +1293,7 @@ public class ZipFile implements ZipConstants, Closeable {
 
                 int tagBlockSize = get16(cen, currentOffset);
                 currentOffset += Short.BYTES;
-                int tagBlockEndingOffset = currentOffset + tagBlockSize;
+                long tagBlockEndingOffset = (long)currentOffset + tagBlockSize;
 
                 //  The ending offset for this tag block should not go past the
                 //  offset for the end of the extra field