8321156: Improve the handling of invalid UTF-8 byte sequences for ZipInputStream::getNextEntry and ZipFile::getComment

Reviewed-by: jpai, alanb
2025-08-27 06:45:07 +02:00 · 2024-02-26 15:31:55 +00:00 · 2024-02-26 15:31:55 +00:00 · 20c71ceacd
commit 20c71ceacd
parent c042f08632
3 changed files with 288 additions and 128 deletions
--- a/src/java.base/share/classes/java/util/zip/ZipFile.java
+++ b/src/java.base/share/classes/java/util/zip/ZipFile.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 2023, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1995, 2024, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -308,7 +308,9 @@ public class ZipFile implements ZipConstants, Closeable {
    }

    /**
-     * Returns the zip file comment, or null if none.
+     * Returns the zip file comment. If a comment does not exist or an error is
+     * encountered decoding the comment using the charset specified
+     * when opening the Zip file, then {@code null} is returned.
     *
     * @return the comment string for the zip file, or null if none
     *
@ -322,7 +324,13 @@ public class ZipFile implements ZipConstants, Closeable {
            if (res.zsrc.comment == null) {
                return null;
            }
-            return res.zsrc.zc.toString(res.zsrc.comment);
+            // If there is a problem decoding the byte array which represents
+            // the Zip file comment, return null;
+            try {
+                return res.zsrc.zc.toString(res.zsrc.comment);
+            } catch (IllegalArgumentException iae) {
+                return null;
+            }
        }
    }

--- a/src/java.base/share/classes/java/util/zip/ZipInputStream.java
+++ b/src/java.base/share/classes/java/util/zip/ZipInputStream.java
@ -515,9 +515,16 @@ public class ZipInputStream extends InflaterInputStream implements ZipConstants
        }
        readFully(b, 0, len);
        // Force to use UTF-8 if the USE_UTF8 bit is ON
-        ZipEntry e = createZipEntry(((flag & USE_UTF8) != 0)
-                                    ? ZipCoder.toStringUTF8(b, len)
-                                    : zc.toString(b, len));
+        String entryName;
+        try {
+            entryName = ((flag & USE_UTF8) != 0) ?
+                    ZipCoder.toStringUTF8(b, len)
+                    : zc.toString(b, len);
+        } catch (Exception ex) {
+            throw (ZipException) new ZipException(
+                    "invalid LOC header (bad entry name)").initCause(ex);
+        }
+        ZipEntry e = createZipEntry(entryName);
        // now get the remaining fields for the entry
        if ((flag & 1) == 1) {
            throw new ZipException("encrypted ZIP entry not supported");