Improve JVM file handling, taking values from CEN, fix failing to read data from last local entry

Author: Col-E

src/main/java/software/coley/llzip/format/model/JvmLocalFileHeader.java

@@ -15,8 +15,9 @@
  */
 public class JvmLocalFileHeader extends LocalFileHeader {
 	private final NavigableSet<Long> offsets;
-	private long offset;
-	private boolean foundPk;
+	private long dataOffsetStart;
+	private long dataOffsetEnd;
+	private boolean foundData;
 	private ByteData data;
 
 	/**
@@ -33,29 +34,53 @@ public void read(ByteData data, long offset) {
 
 		// JVM file data reading does NOT use the compressed/uncompressed fields.
 		// Instead, it scans data until the next header.
-		offset += MIN_FIXED_SIZE + getFileNameLength() + getExtraFieldLength();
-		this.offset = offset;
-		Long nextOffset = offsets.ceiling(offset);
-		if (nextOffset != null) {
-			setFileData(data.slice(offset, nextOffset));
-			foundPk = true;
+		long dataOffsetStart = offset + MIN_FIXED_SIZE + getFileNameLength() + getExtraFieldLength();
+		Long dataOffsetEnd = offsets.ceiling(dataOffsetStart);
+		this.dataOffsetStart = dataOffsetStart;
+		this.dataOffsetEnd = dataOffsetEnd == null ? -1 : dataOffsetEnd;
+		if (dataOffsetEnd != null) {
+			// Valid data range found
+			setFileData(data.slice(dataOffsetStart, dataOffsetEnd));
+			foundData = true;
 		} else {
+			// Keep data reference to attempt restoration with later when linking to the CEN.
 			this.data = data;
 		}
 	}
 
 	@Override
 	public void link(CentralDirectoryFileHeader directoryFileHeader) {
 		super.link(directoryFileHeader);
-		if (!foundPk) {
+
+		// JVM trusts central directory file header contents over local
+		//  - Using fields as this maintains the lazy model
+		compressionMethod = directoryFileHeader.compressionMethod;
+		compressedSize = directoryFileHeader.compressedSize;
+		uncompressedSize = directoryFileHeader.uncompressedSize;
+		fileName = directoryFileHeader.fileName;
+		generalPurposeBitFlag = directoryFileHeader.generalPurposeBitFlag;
+		crc32 = directoryFileHeader.crc32;
+		lastModFileDate = directoryFileHeader.lastModFileDate;
+		lastModFileTime = directoryFileHeader.lastModFileTime;
+
+		// Update file data with new compressed/uncompressed size if it was not able to be found previously
+		// with only the local data available.
+		if (!foundData) {
+			// Extract updated length from CEN values
 			long fileDataLength;
 			if (getCompressionMethod() == ZipCompressions.STORED) {
-				fileDataLength = directoryFileHeader.getUncompressedSize() & 0xFFFFFFFFL;
+				fileDataLength = getUncompressedSize() & 0xFFFFFFFFL;
 			} else {
-				fileDataLength = directoryFileHeader.getCompressedSize() & 0xFFFFFFFFL;
+				fileDataLength = getCompressedSize() & 0xFFFFFFFFL;
+			}
+
+			// Only allow lengths that are within a sensible range.
+			// Data should not be overflowing into adjacent header entries.
+			// - If it is, the data here is likely intentionally tampered with to screw with parsers
+			if (fileDataLength + offset < dataOffsetEnd) {
+				setFileData(data.sliceOf(dataOffsetStart, fileDataLength));
+				data = null;
 			}
-			setFileData(data.sliceOf(offset, fileDataLength));
-			data = null;
 		}
 	}
 }

src/main/java/software/coley/llzip/format/read/JvmZipReaderStrategy.java

@@ -111,19 +111,29 @@ else if (data.getInt(jvmBaseFileOffset) == ZipPatterns.CENTRAL_DIRECTORY_FILE_HE
 		// Read local files
 		// - Set to prevent duplicate file header entries for the same offset
 		Set<Long> offsets = new HashSet<>();
-		TreeSet<Long> lfhOffsets = new TreeSet<>();
+		TreeSet<Long> entryOffsets = new TreeSet<>();
+		long earliestCdfh = Long.MAX_VALUE;
 		for (CentralDirectoryFileHeader directory : zip.getCentralDirectories()) {
+			// Update earliest central offset
+			if (directory.offset() < earliestCdfh)
+				earliestCdfh = directory.offset();
+
+			// Add associated local file header offset
 			long offset = jvmBaseFileOffset + directory.getRelativeOffsetOfLocalHeader();
 			if (data.getInt(offset) == ZipPatterns.LOCAL_FILE_HEADER_QUAD) {
-				lfhOffsets.add(offset);
+				entryOffsets.add(offset);
 			}
 		}
+		// Add the earliest central directory offset, which serves as the upper bound to search against for the
+		// last local file header entry's file data contents.
+		entryOffsets.add(earliestCdfh);
+
 		for (CentralDirectoryFileHeader directory : zip.getCentralDirectories()) {
 			long relative = directory.getRelativeOffsetOfLocalHeader();
 			long offset = jvmBaseFileOffset + relative;
 			if (!offsets.contains(offset) && data.getInt(offset) == ZipPatterns.LOCAL_FILE_HEADER_QUAD) {
 				try {
-					JvmLocalFileHeader file = new JvmLocalFileHeader(lfhOffsets);
+					JvmLocalFileHeader file = new JvmLocalFileHeader(entryOffsets);
 					file.read(data, offset);
 					zip.getParts().add(file);
 					directory.link(file);