#230 RAR decryptionError bug

open-accepted
nobody
None
5
2012-10-19
2012-10-19
Nathan
No

I came across this issue while dealing with a specific .RAR archive and password combination. I don't know that it would be reproducible without such an edge case. I can provide the needed files, but I'd rather not attach them to this ticket for privacy concerns.

In RarIn.cpp @ line 404:

    if (m_BlockHeader.Type == NHeader::NBlockType::kEndOfArchive)
      return S_FALSE;

That statement I believe should be moved down below the if (m_CryptoMode && m_BlockHeader.HeadSize > (1 << 10)) statement like so:

    if (m_CryptoMode && m_BlockHeader.HeadSize > (1 << 10))
    {
      decryptionError = true;
      errorMessage = k_DecryptionError;
      return S_FALSE;
    }
    if (m_BlockHeader.Type == NHeader::NBlockType::kEndOfArchive)
      return S_FALSE;

In other words, I think what is happening is that the type is being compared before we validate the HeadSize. If the HeadSize is greater than 1024 and the type so happens to be NHeader::NBlockType::kEndOfArchive, it can be uninterrupted.

Perhaps you have a better way of doing it. I haven't dived into the whole code, but I believe the HeadSize should be evaluated first.
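The effect of the two check orders can be measured with a small model. This is an added example, not part of the ticket and not 7-Zip code. It assumes the RAR 3.x layout (one-byte block type with 0x7B as end of archive, 16-bit header size), and the Outcome enum and function names are hypothetical.

```cpp
#include <cstdint>
#include <cstdio>

// Assumptions (not from the ticket): RAR 3.x block type is one byte with
// 0x7B marking end of archive, and the header size is a 16-bit field.
const uint8_t kEndOfArchive = 0x7B;
const uint32_t kMaxEncryptedHeadSize = 1 << 10; // limit quoted in the ticket

// Both real code paths return S_FALSE; they differ only in whether
// decryptionError is set. The enum makes that difference visible.
enum Outcome { kContinue, kSilentEnd, kDecryptionError };

struct BlockHeader { uint8_t Type; uint16_t HeadSize; };

// Order reported in the ticket: the type is trusted before the size check.
Outcome ClassifyOriginal(const BlockHeader &h, bool cryptoMode)
{
  if (h.Type == kEndOfArchive)
    return kSilentEnd;
  if (cryptoMode && h.HeadSize > kMaxEncryptedHeadSize)
    return kDecryptionError;
  return kContinue;
}

// Order proposed in the ticket: validate the size first.
Outcome ClassifyProposed(const BlockHeader &h, bool cryptoMode)
{
  if (cryptoMode && h.HeadSize > kMaxEncryptedHeadSize)
    return kDecryptionError;
  if (h.Type == kEndOfArchive)
    return kSilentEnd;
  return kContinue;
}

// Enumerate every (Type, HeadSize) pair, modelling the arbitrary bytes a
// wrong password produces, and count the headers where the original order
// reports a plain end of archive but the proposed order flags decryption.
uint32_t CountMaskedErrors()
{
  uint32_t masked = 0;
  for (uint32_t type = 0; type < 256; type++)
    for (uint32_t size = 0; size < 65536; size++)
    {
      BlockHeader h = { (uint8_t)type, (uint16_t)size };
      if (ClassifyOriginal(h, true) == kSilentEnd &&
          ClassifyProposed(h, true) == kDecryptionError)
        masked++;
    }
  return masked;
}

int main()
{
  uint32_t masked = CountMaskedErrors();
  printf("masked: %u of 16777216 (%.3f%%)\n", masked, masked * 100.0 / 16777216);
}
```

Under this model roughly 0.4% of arbitrary header values hit the masked case, which fits the report that a specific archive and password combination was needed to see it.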

Discussion

  • Igor Pavlov
    2012-10-19

    • status: open --> open-accepted
     
  • Igor Pavlov
    2012-10-19

    I'll fix it in the next version.
    Thanks!!!