1 /*-
2  * Copyright (c) 2004-2013 Tim Kientzle
3  * Copyright (c) 2011-2012,2014 Michihiro NAKAJIMA
4  * Copyright (c) 2013 Konrad Kleine
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  *
16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
17  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19  * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
20  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26  */
27 
28 #include "archive_platform.h"
29 __FBSDID("$FreeBSD$");
30 
31 /*
32  * The definitive documentation of the Zip file format is:
33  *   http://www.pkware.com/documents/casestudies/APPNOTE.TXT
34  *
35  * The Info-Zip project has pioneered various extensions to better
36  * support Zip on Unix, including the 0x5455 "UT", 0x5855 "UX", 0x7855
37  * "Ux", and 0x7875 "ux" extensions for time and ownership
38  * information.
39  *
40  * History of this code: The streaming Zip reader was first added to
41  * libarchive in January 2005.  Support for seekable input sources was
42  * added in Nov 2011.  Zip64 support (including a significant code
43  * refactoring) was added in 2014.
44  */
45 
46 #ifdef HAVE_ERRNO_H
47 #include <errno.h>
48 #endif
49 #ifdef HAVE_STDLIB_H
50 #include <stdlib.h>
51 #endif
52 #ifdef HAVE_ZLIB_H
53 #include <zlib.h>
54 #endif
55 #ifdef HAVE_BZLIB_H
56 #include <bzlib.h>
57 #endif
58 #ifdef HAVE_LZMA_H
59 #include <lzma.h>
60 #endif
61 
62 #include "archive.h"
63 #include "archive_digest_private.h"
64 #include "archive_cryptor_private.h"
65 #include "archive_endian.h"
66 #include "archive_entry.h"
67 #include "archive_entry_locale.h"
68 #include "archive_hmac_private.h"
69 #include "archive_private.h"
70 #include "archive_rb.h"
71 #include "archive_read_private.h"
72 #include "archive_ppmd8_private.h"
73 
74 #ifndef HAVE_ZLIB_H
75 #include "archive_crc32.h"
76 #endif
77 
78 struct zip_entry {
79 	struct archive_rb_node	node;
80 	struct zip_entry	*next;
81 	int64_t			local_header_offset;
82 	int64_t			compressed_size;
83 	int64_t			uncompressed_size;
84 	int64_t			gid;
85 	int64_t			uid;
86 	struct archive_string	rsrcname;
87 	time_t			mtime;
88 	time_t			atime;
89 	time_t			ctime;
90 	uint32_t		crc32;
91 	uint16_t		mode;
92 	uint16_t		zip_flags; /* From GP Flags Field */
93 	unsigned char		compression;
94 	unsigned char		system; /* From "version written by" */
95 	unsigned char		flags; /* Our extra markers. */
96 	unsigned char		decdat;/* Used for Decryption check */
97 
98 	/* WinZip AES encryption extra field should be available
99 	 * when compression is 99. */
100 	struct {
101 		/* Vendor version: AE-1 - 0x0001, AE-2 - 0x0002 */
102 		unsigned	vendor;
103 #define AES_VENDOR_AE_1	0x0001
104 #define AES_VENDOR_AE_2	0x0002
105 		/* AES encryption strength:
106 		 * 1 - 128 bits, 2 - 192 bits, 2 - 256 bits. */
107 		unsigned	strength;
108 		/* Actual compression method. */
109 		unsigned char	compression;
110 	}			aes_extra;
111 };
112 
113 struct trad_enc_ctx {
114 	uint32_t	keys[3];
115 };
116 
117 /* Bits used in zip_flags. */
118 #define ZIP_ENCRYPTED	(1 << 0)
119 #define ZIP_LENGTH_AT_END	(1 << 3)
120 #define ZIP_STRONG_ENCRYPTED	(1 << 6)
121 #define ZIP_UTF8_NAME	(1 << 11)
122 /* See "7.2 Single Password Symmetric Encryption Method"
123    in http://www.pkware.com/documents/casestudies/APPNOTE.TXT */
124 #define ZIP_CENTRAL_DIRECTORY_ENCRYPTED	(1 << 13)
125 
126 /* Bits used in flags. */
127 #define LA_USED_ZIP64	(1 << 0)
128 #define LA_FROM_CENTRAL_DIRECTORY (1 << 1)
129 
130 /*
131  * See "WinZip - AES Encryption Information"
132  *     http://www.winzip.com/aes_info.htm
133  */
134 /* Value used in compression method. */
135 #define WINZIP_AES_ENCRYPTION	99
136 /* Authentication code size. */
137 #define AUTH_CODE_SIZE	10
138 /**/
139 #define MAX_DERIVED_KEY_BUF_SIZE	(AES_MAX_KEY_SIZE * 2 + 2)
140 
141 struct zip {
142 	/* Structural information about the archive. */
143 	struct archive_string	format_name;
144 	int64_t			central_directory_offset;
145 	size_t			central_directory_entries_total;
146 	size_t			central_directory_entries_on_this_disk;
147 	int			has_encrypted_entries;
148 
149 	/* List of entries (seekable Zip only) */
150 	struct zip_entry	*zip_entries;
151 	struct archive_rb_tree	tree;
152 	struct archive_rb_tree	tree_rsrc;
153 
154 	/* Bytes read but not yet consumed via __archive_read_consume() */
155 	size_t			unconsumed;
156 
157 	/* Information about entry we're currently reading. */
158 	struct zip_entry	*entry;
159 	int64_t			entry_bytes_remaining;
160 
161 	/* These count the number of bytes actually read for the entry. */
162 	int64_t			entry_compressed_bytes_read;
163 	int64_t			entry_uncompressed_bytes_read;
164 
165 	/* Running CRC32 of the decompressed data */
166 	unsigned long		entry_crc32;
167 	unsigned long		(*crc32func)(unsigned long, const void *,
168 				    size_t);
169 	char			ignore_crc32;
170 
171 	/* Flags to mark progress of decompression. */
172 	char			decompress_init;
173 	char			end_of_entry;
174 
175 	unsigned char 		*uncompressed_buffer;
176 	size_t 			uncompressed_buffer_size;
177 
178 #ifdef HAVE_ZLIB_H
179 	z_stream		stream;
180 	char			stream_valid;
181 #endif
182 
183 #if HAVE_LZMA_H && HAVE_LIBLZMA
184 	lzma_stream		zipx_lzma_stream;
185 	char            zipx_lzma_valid;
186 #endif
187 
188 #ifdef HAVE_BZLIB_H
189 	bz_stream		bzstream;
190 	char            bzstream_valid;
191 #endif
192 
193 	IByteIn			zipx_ppmd_stream;
194 	ssize_t			zipx_ppmd_read_compressed;
195 	CPpmd8			ppmd8;
196 	char			ppmd8_valid;
197 
198 	struct archive_string_conv *sconv;
199 	struct archive_string_conv *sconv_default;
200 	struct archive_string_conv *sconv_utf8;
201 	int			init_default_conversion;
202 	int			process_mac_extensions;
203 
204 	char			init_decryption;
205 
206 	/* Decryption buffer. */
207 	/*
208 	 * The decrypted data starts at decrypted_ptr and
209 	 * extends for decrypted_bytes_remaining.  Decryption
210 	 * adds new data to the end of this block, data is returned
211 	 * to clients from the beginning.  When the block hits the
212 	 * end of decrypted_buffer, it has to be shuffled back to
213 	 * the beginning of the buffer.
214 	 */
215 	unsigned char 		*decrypted_buffer;
216 	unsigned char 		*decrypted_ptr;
217 	size_t 			decrypted_buffer_size;
218 	size_t 			decrypted_bytes_remaining;
219 	size_t 			decrypted_unconsumed_bytes;
220 
221 	/* Traditional PKWARE decryption. */
222 	struct trad_enc_ctx	tctx;
223 	char			tctx_valid;
224 
225 	/* WinZip AES decryption. */
226 	/* Contexts used for AES decryption. */
227 	archive_crypto_ctx	cctx;
228 	char			cctx_valid;
229 	archive_hmac_sha1_ctx	hctx;
230 	char			hctx_valid;
231 
232 	/* Strong encryption's decryption header information. */
233 	unsigned		iv_size;
234 	unsigned		alg_id;
235 	unsigned		bit_len;
236 	unsigned		flags;
237 	unsigned		erd_size;
238 	unsigned		v_size;
239 	unsigned		v_crc32;
240 	uint8_t			*iv;
241 	uint8_t			*erd;
242 	uint8_t			*v_data;
243 };
244 
245 /* Many systems define min or MIN, but not all. */
246 #define	zipmin(a,b) ((a) < (b) ? (a) : (b))
247 
248 /* This function is used by Ppmd8_DecodeSymbol during decompression of Ppmd8
249  * streams inside ZIP files. It has 2 purposes: one is to fetch the next
250  * compressed byte from the stream, second one is to increase the counter how
251  * many compressed bytes were read. */
252 static Byte
253 ppmd_read(void* p) {
254 	/* Get the handle to current decompression context. */
255 	struct archive_read *a = ((IByteIn*)p)->a;
256 	struct zip *zip = (struct zip*) a->format->data;
257 
258 	/* Fetch next byte. */
259 	const uint8_t* data = __archive_read_ahead(a, 1, NULL);
260 	__archive_read_consume(a, 1);
261 
262 	/* Increment the counter. */
263 	++zip->zipx_ppmd_read_compressed;
264 
265 	/* Return the next compressed byte. */
266 	return data[0];
267 }
268 
269 /* ------------------------------------------------------------------------ */
270 
271 /*
272   Traditional PKWARE Decryption functions.
273  */
274 
275 static void
276 trad_enc_update_keys(struct trad_enc_ctx *ctx, uint8_t c)
277 {
278 	uint8_t t;
279 #define CRC32(c, b) (crc32(c ^ 0xffffffffUL, &b, 1) ^ 0xffffffffUL)
280 
281 	ctx->keys[0] = CRC32(ctx->keys[0], c);
282 	ctx->keys[1] = (ctx->keys[1] + (ctx->keys[0] & 0xff)) * 134775813L + 1;
283 	t = (ctx->keys[1] >> 24) & 0xff;
284 	ctx->keys[2] = CRC32(ctx->keys[2], t);
285 #undef CRC32
286 }
287 
288 static uint8_t
289 trad_enc_decrypt_byte(struct trad_enc_ctx *ctx)
290 {
291 	unsigned temp = ctx->keys[2] | 2;
292 	return (uint8_t)((temp * (temp ^ 1)) >> 8) & 0xff;
293 }
294 
295 static void
296 trad_enc_decrypt_update(struct trad_enc_ctx *ctx, const uint8_t *in,
297     size_t in_len, uint8_t *out, size_t out_len)
298 {
299 	unsigned i, max;
300 
301 	max = (unsigned)((in_len < out_len)? in_len: out_len);
302 
303 	for (i = 0; i < max; i++) {
304 		uint8_t t = in[i] ^ trad_enc_decrypt_byte(ctx);
305 		out[i] = t;
306 		trad_enc_update_keys(ctx, t);
307 	}
308 }
309 
310 static int
311 trad_enc_init(struct trad_enc_ctx *ctx, const char *pw, size_t pw_len,
312     const uint8_t *key, size_t key_len, uint8_t *crcchk)
313 {
314 	uint8_t header[12];
315 
316 	if (key_len < 12) {
317 		*crcchk = 0xff;
318 		return -1;
319 	}
320 
321 	ctx->keys[0] = 305419896L;
322 	ctx->keys[1] = 591751049L;
323 	ctx->keys[2] = 878082192L;
324 
325 	for (;pw_len; --pw_len)
326 		trad_enc_update_keys(ctx, *pw++);
327 
328 	trad_enc_decrypt_update(ctx, key, 12, header, 12);
329 	/* Return the last byte for CRC check. */
330 	*crcchk = header[11];
331 	return 0;
332 }
333 
334 #if 0
335 static void
336 crypt_derive_key_sha1(const void *p, int size, unsigned char *key,
337     int key_size)
338 {
339 #define MD_SIZE 20
340 	archive_sha1_ctx ctx;
341 	unsigned char md1[MD_SIZE];
342 	unsigned char md2[MD_SIZE * 2];
343 	unsigned char mkb[64];
344 	int i;
345 
346 	archive_sha1_init(&ctx);
347 	archive_sha1_update(&ctx, p, size);
348 	archive_sha1_final(&ctx, md1);
349 
350 	memset(mkb, 0x36, sizeof(mkb));
351 	for (i = 0; i < MD_SIZE; i++)
352 		mkb[i] ^= md1[i];
353 	archive_sha1_init(&ctx);
354 	archive_sha1_update(&ctx, mkb, sizeof(mkb));
355 	archive_sha1_final(&ctx, md2);
356 
357 	memset(mkb, 0x5C, sizeof(mkb));
358 	for (i = 0; i < MD_SIZE; i++)
359 		mkb[i] ^= md1[i];
360 	archive_sha1_init(&ctx);
361 	archive_sha1_update(&ctx, mkb, sizeof(mkb));
362 	archive_sha1_final(&ctx, md2 + MD_SIZE);
363 
364 	if (key_size > 32)
365 		key_size = 32;
366 	memcpy(key, md2, key_size);
367 #undef MD_SIZE
368 }
369 #endif
370 
371 /*
372  * Common code for streaming or seeking modes.
373  *
374  * Includes code to read local file headers, decompress data
375  * from entry bodies, and common API.
376  */
377 
378 static unsigned long
379 real_crc32(unsigned long crc, const void *buff, size_t len)
380 {
381 	return crc32(crc, buff, (unsigned int)len);
382 }
383 
384 /* Used by "ignorecrc32" option to speed up tests. */
385 static unsigned long
386 fake_crc32(unsigned long crc, const void *buff, size_t len)
387 {
388 	(void)crc; /* UNUSED */
389 	(void)buff; /* UNUSED */
390 	(void)len; /* UNUSED */
391 	return 0;
392 }
393 
394 static const struct {
395 	int id;
396 	const char * name;
397 } compression_methods[] = {
398 	{0, "uncompressed"}, /* The file is stored (no compression) */
399 	{1, "shrinking"}, /* The file is Shrunk */
400 	{2, "reduced-1"}, /* The file is Reduced with compression factor 1 */
401 	{3, "reduced-2"}, /* The file is Reduced with compression factor 2 */
402 	{4, "reduced-3"}, /* The file is Reduced with compression factor 3 */
403 	{5, "reduced-4"}, /* The file is Reduced with compression factor 4 */
404 	{6, "imploded"},  /* The file is Imploded */
405 	{7, "reserved"},  /* Reserved for Tokenizing compression algorithm */
406 	{8, "deflation"}, /* The file is Deflated */
407 	{9, "deflation-64-bit"}, /* Enhanced Deflating using Deflate64(tm) */
408 	{10, "ibm-terse"},/* PKWARE Data Compression Library Imploding
409 			   * (old IBM TERSE) */
410 	{11, "reserved"}, /* Reserved by PKWARE */
411 	{12, "bzip"},     /* File is compressed using BZIP2 algorithm */
412 	{13, "reserved"}, /* Reserved by PKWARE */
413 	{14, "lzma"},     /* LZMA (EFS) */
414 	{15, "reserved"}, /* Reserved by PKWARE */
415 	{16, "reserved"}, /* Reserved by PKWARE */
416 	{17, "reserved"}, /* Reserved by PKWARE */
417 	{18, "ibm-terse-new"}, /* File is compressed using IBM TERSE (new) */
418 	{19, "ibm-lz777"},/* IBM LZ77 z Architecture (PFS) */
419 	{95, "xz"},       /* XZ compressed data */
420 	{96, "jpeg"},     /* JPEG compressed data */
421 	{97, "wav-pack"}, /* WavPack compressed data */
422 	{98, "ppmd-1"},   /* PPMd version I, Rev 1 */
423 	{99, "aes"}       /* WinZip AES encryption  */
424 };
425 
426 static const char *
427 compression_name(const int compression)
428 {
429 	static const int num_compression_methods =
430 		sizeof(compression_methods)/sizeof(compression_methods[0]);
431 	int i=0;
432 
433 	while(compression >= 0 && i < num_compression_methods) {
434 		if (compression_methods[i].id == compression)
435 			return compression_methods[i].name;
436 		i++;
437 	}
438 	return "??";
439 }
440 
441 /* Convert an MSDOS-style date/time into Unix-style time. */
442 static time_t
443 zip_time(const char *p)
444 {
445 	int msTime, msDate;
446 	struct tm ts;
447 
448 	msTime = (0xff & (unsigned)p[0]) + 256 * (0xff & (unsigned)p[1]);
449 	msDate = (0xff & (unsigned)p[2]) + 256 * (0xff & (unsigned)p[3]);
450 
451 	memset(&ts, 0, sizeof(ts));
452 	ts.tm_year = ((msDate >> 9) & 0x7f) + 80; /* Years since 1900. */
453 	ts.tm_mon = ((msDate >> 5) & 0x0f) - 1; /* Month number. */
454 	ts.tm_mday = msDate & 0x1f; /* Day of month. */
455 	ts.tm_hour = (msTime >> 11) & 0x1f;
456 	ts.tm_min = (msTime >> 5) & 0x3f;
457 	ts.tm_sec = (msTime << 1) & 0x3e;
458 	ts.tm_isdst = -1;
459 	return mktime(&ts);
460 }
461 
462 /*
463  * The extra data is stored as a list of
464  *	id1+size1+data1 + id2+size2+data2 ...
465  *  triplets.  id and size are 2 bytes each.
466  */
467 static int
468 process_extra(struct archive_read *a, const char *p, size_t extra_length, struct zip_entry* zip_entry)
469 {
470 	unsigned offset = 0;
471 
472 	if (extra_length == 0) {
473 		return ARCHIVE_OK;
474 	}
475 
476 	if (extra_length < 4) {
477 		archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
478 		    "Too-small extra data: Need at least 4 bytes, but only found %d bytes", (int)extra_length);
479 		return ARCHIVE_FAILED;
480 	}
481 	while (offset <= extra_length - 4) {
482 		unsigned short headerid = archive_le16dec(p + offset);
483 		unsigned short datasize = archive_le16dec(p + offset + 2);
484 
485 		offset += 4;
486 		if (offset + datasize > extra_length) {
487 			archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
488 			    "Extra data overflow: Need %d bytes but only found %d bytes",
489 			    (int)datasize, (int)(extra_length - offset));
490 			return ARCHIVE_FAILED;
491 		}
492 #ifdef DEBUG
493 		fprintf(stderr, "Header id 0x%04x, length %d\n",
494 		    headerid, datasize);
495 #endif
496 		switch (headerid) {
497 		case 0x0001:
498 			/* Zip64 extended information extra field. */
499 			zip_entry->flags |= LA_USED_ZIP64;
500 			if (zip_entry->uncompressed_size == 0xffffffff) {
501 				uint64_t t = 0;
502 				if (datasize < 8
503 				    || (t = archive_le64dec(p + offset)) > INT64_MAX) {
504 					archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
505 					    "Malformed 64-bit uncompressed size");
506 					return ARCHIVE_FAILED;
507 				}
508 				zip_entry->uncompressed_size = t;
509 				offset += 8;
510 				datasize -= 8;
511 			}
512 			if (zip_entry->compressed_size == 0xffffffff) {
513 				uint64_t t = 0;
514 				if (datasize < 8
515 				    || (t = archive_le64dec(p + offset)) > INT64_MAX) {
516 					archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
517 					    "Malformed 64-bit compressed size");
518 					return ARCHIVE_FAILED;
519 				}
520 				zip_entry->compressed_size = t;
521 				offset += 8;
522 				datasize -= 8;
523 			}
524 			if (zip_entry->local_header_offset == 0xffffffff) {
525 				uint64_t t = 0;
526 				if (datasize < 8
527 				    || (t = archive_le64dec(p + offset)) > INT64_MAX) {
528 					archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
529 					    "Malformed 64-bit local header offset");
530 					return ARCHIVE_FAILED;
531 				}
532 				zip_entry->local_header_offset = t;
533 				offset += 8;
534 				datasize -= 8;
535 			}
536 			/* archive_le32dec(p + offset) gives disk
537 			 * on which file starts, but we don't handle
538 			 * multi-volume Zip files. */
539 			break;
540 #ifdef DEBUG
541 		case 0x0017:
542 		{
543 			/* Strong encryption field. */
544 			if (archive_le16dec(p + offset) == 2) {
545 				unsigned algId =
546 					archive_le16dec(p + offset + 2);
547 				unsigned bitLen =
548 					archive_le16dec(p + offset + 4);
549 				int	 flags =
550 					archive_le16dec(p + offset + 6);
551 				fprintf(stderr, "algId=0x%04x, bitLen=%u, "
552 				    "flgas=%d\n", algId, bitLen,flags);
553 			}
554 			break;
555 		}
556 #endif
557 		case 0x5455:
558 		{
559 			/* Extended time field "UT". */
560 			int flags;
561 			if (datasize == 0) {
562 				archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
563 				    "Incomplete extended time field");
564 				return ARCHIVE_FAILED;
565 			}
566 			flags = p[offset];
567 			offset++;
568 			datasize--;
569 			/* Flag bits indicate which dates are present. */
570 			if (flags & 0x01)
571 			{
572 #ifdef DEBUG
573 				fprintf(stderr, "mtime: %lld -> %d\n",
574 				    (long long)zip_entry->mtime,
575 				    archive_le32dec(p + offset));
576 #endif
577 				if (datasize < 4)
578 					break;
579 				zip_entry->mtime = archive_le32dec(p + offset);
580 				offset += 4;
581 				datasize -= 4;
582 			}
583 			if (flags & 0x02)
584 			{
585 				if (datasize < 4)
586 					break;
587 				zip_entry->atime = archive_le32dec(p + offset);
588 				offset += 4;
589 				datasize -= 4;
590 			}
591 			if (flags & 0x04)
592 			{
593 				if (datasize < 4)
594 					break;
595 				zip_entry->ctime = archive_le32dec(p + offset);
596 				offset += 4;
597 				datasize -= 4;
598 			}
599 			break;
600 		}
601 		case 0x5855:
602 		{
603 			/* Info-ZIP Unix Extra Field (old version) "UX". */
604 			if (datasize >= 8) {
605 				zip_entry->atime = archive_le32dec(p + offset);
606 				zip_entry->mtime =
607 				    archive_le32dec(p + offset + 4);
608 			}
609 			if (datasize >= 12) {
610 				zip_entry->uid =
611 				    archive_le16dec(p + offset + 8);
612 				zip_entry->gid =
613 				    archive_le16dec(p + offset + 10);
614 			}
615 			break;
616 		}
617 		case 0x6c78:
618 		{
619 			/* Experimental 'xl' field */
620 			/*
621 			 * Introduced Dec 2013 to provide a way to
622 			 * include external file attributes (and other
623 			 * fields that ordinarily appear only in
624 			 * central directory) in local file header.
625 			 * This provides file type and permission
626 			 * information necessary to support full
627 			 * streaming extraction.  Currently being
628 			 * discussed with other Zip developers
629 			 * ... subject to change.
630 			 *
631 			 * Format:
632 			 *  The field starts with a bitmap that specifies
633 			 *  which additional fields are included.  The
634 			 *  bitmap is variable length and can be extended in
635 			 *  the future.
636 			 *
637 			 *  n bytes - feature bitmap: first byte has low-order
638 			 *    7 bits.  If high-order bit is set, a subsequent
639 			 *    byte holds the next 7 bits, etc.
640 			 *
641 			 *  if bitmap & 1, 2 byte "version made by"
642 			 *  if bitmap & 2, 2 byte "internal file attributes"
643 			 *  if bitmap & 4, 4 byte "external file attributes"
644 			 *  if bitmap & 8, 2 byte comment length + n byte comment
645 			 */
646 			int bitmap, bitmap_last;
647 
648 			if (datasize < 1)
649 				break;
650 			bitmap_last = bitmap = 0xff & p[offset];
651 			offset += 1;
652 			datasize -= 1;
653 
654 			/* We only support first 7 bits of bitmap; skip rest. */
655 			while ((bitmap_last & 0x80) != 0
656 			    && datasize >= 1) {
657 				bitmap_last = p[offset];
658 				offset += 1;
659 				datasize -= 1;
660 			}
661 
662 			if (bitmap & 1) {
663 				/* 2 byte "version made by" */
664 				if (datasize < 2)
665 					break;
666 				zip_entry->system
667 				    = archive_le16dec(p + offset) >> 8;
668 				offset += 2;
669 				datasize -= 2;
670 			}
671 			if (bitmap & 2) {
672 				/* 2 byte "internal file attributes" */
673 				uint32_t internal_attributes;
674 				if (datasize < 2)
675 					break;
676 				internal_attributes
677 				    = archive_le16dec(p + offset);
678 				/* Not used by libarchive at present. */
679 				(void)internal_attributes; /* UNUSED */
680 				offset += 2;
681 				datasize -= 2;
682 			}
683 			if (bitmap & 4) {
684 				/* 4 byte "external file attributes" */
685 				uint32_t external_attributes;
686 				if (datasize < 4)
687 					break;
688 				external_attributes
689 				    = archive_le32dec(p + offset);
690 				if (zip_entry->system == 3) {
691 					zip_entry->mode
692 					    = external_attributes >> 16;
693 				} else if (zip_entry->system == 0) {
694 					// Interpret MSDOS directory bit
695 					if (0x10 == (external_attributes & 0x10)) {
696 						zip_entry->mode = AE_IFDIR | 0775;
697 					} else {
698 						zip_entry->mode = AE_IFREG | 0664;
699 					}
700 					if (0x01 == (external_attributes & 0x01)) {
701 						// Read-only bit; strip write permissions
702 						zip_entry->mode &= 0555;
703 					}
704 				} else {
705 					zip_entry->mode = 0;
706 				}
707 				offset += 4;
708 				datasize -= 4;
709 			}
710 			if (bitmap & 8) {
711 				/* 2 byte comment length + comment */
712 				uint32_t comment_length;
713 				if (datasize < 2)
714 					break;
715 				comment_length
716 				    = archive_le16dec(p + offset);
717 				offset += 2;
718 				datasize -= 2;
719 
720 				if (datasize < comment_length)
721 					break;
722 				/* Comment is not supported by libarchive */
723 				offset += comment_length;
724 				datasize -= comment_length;
725 			}
726 			break;
727 		}
728 		case 0x7855:
729 			/* Info-ZIP Unix Extra Field (type 2) "Ux". */
730 #ifdef DEBUG
731 			fprintf(stderr, "uid %d gid %d\n",
732 			    archive_le16dec(p + offset),
733 			    archive_le16dec(p + offset + 2));
734 #endif
735 			if (datasize >= 2)
736 				zip_entry->uid = archive_le16dec(p + offset);
737 			if (datasize >= 4)
738 				zip_entry->gid =
739 				    archive_le16dec(p + offset + 2);
740 			break;
741 		case 0x7875:
742 		{
743 			/* Info-Zip Unix Extra Field (type 3) "ux". */
744 			int uidsize = 0, gidsize = 0;
745 
746 			/* TODO: support arbitrary uidsize/gidsize. */
747 			if (datasize >= 1 && p[offset] == 1) {/* version=1 */
748 				if (datasize >= 4) {
749 					/* get a uid size. */
750 					uidsize = 0xff & (int)p[offset+1];
751 					if (uidsize == 2)
752 						zip_entry->uid =
753 						    archive_le16dec(
754 						        p + offset + 2);
755 					else if (uidsize == 4 && datasize >= 6)
756 						zip_entry->uid =
757 						    archive_le32dec(
758 						        p + offset + 2);
759 				}
760 				if (datasize >= (2 + uidsize + 3)) {
761 					/* get a gid size. */
762 					gidsize = 0xff & (int)p[offset+2+uidsize];
763 					if (gidsize == 2)
764 						zip_entry->gid =
765 						    archive_le16dec(
766 						        p+offset+2+uidsize+1);
767 					else if (gidsize == 4 &&
768 					    datasize >= (2 + uidsize + 5))
769 						zip_entry->gid =
770 						    archive_le32dec(
771 						        p+offset+2+uidsize+1);
772 				}
773 			}
774 			break;
775 		}
776 		case 0x9901:
777 			/* WinZip AES extra data field. */
778 			if (datasize < 6) {
779 				archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
780 				    "Incomplete AES field");
781 				return ARCHIVE_FAILED;
782 			}
783 			if (p[offset + 2] == 'A' && p[offset + 3] == 'E') {
784 				/* Vendor version. */
785 				zip_entry->aes_extra.vendor =
786 				    archive_le16dec(p + offset);
787 				/* AES encryption strength. */
788 				zip_entry->aes_extra.strength = p[offset + 4];
789 				/* Actual compression method. */
790 				zip_entry->aes_extra.compression =
791 				    p[offset + 5];
792 			}
793 			break;
794 		default:
795 			break;
796 		}
797 		offset += datasize;
798 	}
799 	if (offset != extra_length) {
800 		archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
801 		    "Malformed extra data: Consumed %d bytes of %d bytes",
802 		    (int)offset, (int)extra_length);
803 		return ARCHIVE_FAILED;
804 	}
805 	return ARCHIVE_OK;
806 }
807 
808 /*
809  * Assumes file pointer is at beginning of local file header.
810  */
811 static int
812 zip_read_local_file_header(struct archive_read *a, struct archive_entry *entry,
813     struct zip *zip)
814 {
815 	const char *p;
816 	const void *h;
817 	const wchar_t *wp;
818 	const char *cp;
819 	size_t len, filename_length, extra_length;
820 	struct archive_string_conv *sconv;
821 	struct zip_entry *zip_entry = zip->entry;
822 	struct zip_entry zip_entry_central_dir;
823 	int ret = ARCHIVE_OK;
824 	char version;
825 
826 	/* Save a copy of the original for consistency checks. */
827 	zip_entry_central_dir = *zip_entry;
828 
829 	zip->decompress_init = 0;
830 	zip->end_of_entry = 0;
831 	zip->entry_uncompressed_bytes_read = 0;
832 	zip->entry_compressed_bytes_read = 0;
833 	zip->entry_crc32 = zip->crc32func(0, NULL, 0);
834 
835 	/* Setup default conversion. */
836 	if (zip->sconv == NULL && !zip->init_default_conversion) {
837 		zip->sconv_default =
838 		    archive_string_default_conversion_for_read(&(a->archive));
839 		zip->init_default_conversion = 1;
840 	}
841 
842 	if ((p = __archive_read_ahead(a, 30, NULL)) == NULL) {
843 		archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
844 		    "Truncated ZIP file header");
845 		return (ARCHIVE_FATAL);
846 	}
847 
848 	if (memcmp(p, "PK\003\004", 4) != 0) {
849 		archive_set_error(&a->archive, -1, "Damaged Zip archive");
850 		return ARCHIVE_FATAL;
851 	}
852 	version = p[4];
853 	zip_entry->system = p[5];
854 	zip_entry->zip_flags = archive_le16dec(p + 6);
855 	if (zip_entry->zip_flags & (ZIP_ENCRYPTED | ZIP_STRONG_ENCRYPTED)) {
856 		zip->has_encrypted_entries = 1;
857 		archive_entry_set_is_data_encrypted(entry, 1);
858 		if (zip_entry->zip_flags & ZIP_CENTRAL_DIRECTORY_ENCRYPTED &&
859 			zip_entry->zip_flags & ZIP_ENCRYPTED &&
860 			zip_entry->zip_flags & ZIP_STRONG_ENCRYPTED) {
861 			archive_entry_set_is_metadata_encrypted(entry, 1);
862 			return ARCHIVE_FATAL;
863 		}
864 	}
865 	zip->init_decryption = (zip_entry->zip_flags & ZIP_ENCRYPTED);
866 	zip_entry->compression = (char)archive_le16dec(p + 8);
867 	zip_entry->mtime = zip_time(p + 10);
868 	zip_entry->crc32 = archive_le32dec(p + 14);
869 	if (zip_entry->zip_flags & ZIP_LENGTH_AT_END)
870 		zip_entry->decdat = p[11];
871 	else
872 		zip_entry->decdat = p[17];
873 	zip_entry->compressed_size = archive_le32dec(p + 18);
874 	zip_entry->uncompressed_size = archive_le32dec(p + 22);
875 	filename_length = archive_le16dec(p + 26);
876 	extra_length = archive_le16dec(p + 28);
877 
878 	__archive_read_consume(a, 30);
879 
880 	/* Read the filename. */
881 	if ((h = __archive_read_ahead(a, filename_length, NULL)) == NULL) {
882 		archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
883 		    "Truncated ZIP file header");
884 		return (ARCHIVE_FATAL);
885 	}
886 	if (zip_entry->zip_flags & ZIP_UTF8_NAME) {
887 		/* The filename is stored to be UTF-8. */
888 		if (zip->sconv_utf8 == NULL) {
889 			zip->sconv_utf8 =
890 			    archive_string_conversion_from_charset(
891 				&a->archive, "UTF-8", 1);
892 			if (zip->sconv_utf8 == NULL)
893 				return (ARCHIVE_FATAL);
894 		}
895 		sconv = zip->sconv_utf8;
896 	} else if (zip->sconv != NULL)
897 		sconv = zip->sconv;
898 	else
899 		sconv = zip->sconv_default;
900 
901 	if (archive_entry_copy_pathname_l(entry,
902 	    h, filename_length, sconv) != 0) {
903 		if (errno == ENOMEM) {
904 			archive_set_error(&a->archive, ENOMEM,
905 			    "Can't allocate memory for Pathname");
906 			return (ARCHIVE_FATAL);
907 		}
908 		archive_set_error(&a->archive,
909 		    ARCHIVE_ERRNO_FILE_FORMAT,
910 		    "Pathname cannot be converted "
911 		    "from %s to current locale.",
912 		    archive_string_conversion_charset_name(sconv));
913 		ret = ARCHIVE_WARN;
914 	}
915 	__archive_read_consume(a, filename_length);
916 
917 	/* Read the extra data. */
918 	if ((h = __archive_read_ahead(a, extra_length, NULL)) == NULL) {
919 		archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
920 		    "Truncated ZIP file header");
921 		return (ARCHIVE_FATAL);
922 	}
923 
924 	if (ARCHIVE_OK != process_extra(a, h, extra_length, zip_entry)) {
925 		return ARCHIVE_FATAL;
926 	}
927 	__archive_read_consume(a, extra_length);
928 
929 	/* Work around a bug in Info-Zip: When reading from a pipe, it
930 	 * stats the pipe instead of synthesizing a file entry. */
931 	if ((zip_entry->mode & AE_IFMT) == AE_IFIFO) {
932 		zip_entry->mode &= ~ AE_IFMT;
933 		zip_entry->mode |= AE_IFREG;
934 	}
935 
936 	/* If the mode is totally empty, set some sane default. */
937 	if (zip_entry->mode == 0) {
938 		zip_entry->mode |= 0664;
939 	}
940 
941 	/* Windows archivers sometimes use backslash as the directory separator.
942 	   Normalize to slash. */
943 	if (zip_entry->system == 0 &&
944 	    (wp = archive_entry_pathname_w(entry)) != NULL) {
945 		if (wcschr(wp, L'/') == NULL && wcschr(wp, L'\\') != NULL) {
946 			size_t i;
947 			struct archive_wstring s;
948 			archive_string_init(&s);
949 			archive_wstrcpy(&s, wp);
950 			for (i = 0; i < archive_strlen(&s); i++) {
951 				if (s.s[i] == '\\')
952 					s.s[i] = '/';
953 			}
954 			archive_entry_copy_pathname_w(entry, s.s);
955 			archive_wstring_free(&s);
956 		}
957 	}
958 
959 	/* Make sure that entries with a trailing '/' are marked as directories
960 	 * even if the External File Attributes contains bogus values.  If this
961 	 * is not a directory and there is no type, assume regularfile. */
962 	if ((zip_entry->mode & AE_IFMT) != AE_IFDIR) {
963 		int has_slash;
964 
965 		wp = archive_entry_pathname_w(entry);
966 		if (wp != NULL) {
967 			len = wcslen(wp);
968 			has_slash = len > 0 && wp[len - 1] == L'/';
969 		} else {
970 			cp = archive_entry_pathname(entry);
971 			len = (cp != NULL)?strlen(cp):0;
972 			has_slash = len > 0 && cp[len - 1] == '/';
973 		}
974 		/* Correct file type as needed. */
975 		if (has_slash) {
976 			zip_entry->mode &= ~AE_IFMT;
977 			zip_entry->mode |= AE_IFDIR;
978 			zip_entry->mode |= 0111;
979 		} else if ((zip_entry->mode & AE_IFMT) == 0) {
980 			zip_entry->mode |= AE_IFREG;
981 		}
982 	}
983 
984 	/* Make sure directories end in '/' */
985 	if ((zip_entry->mode & AE_IFMT) == AE_IFDIR) {
986 		wp = archive_entry_pathname_w(entry);
987 		if (wp != NULL) {
988 			len = wcslen(wp);
989 			if (len > 0 && wp[len - 1] != L'/') {
990 				struct archive_wstring s;
991 				archive_string_init(&s);
992 				archive_wstrcat(&s, wp);
993 				archive_wstrappend_wchar(&s, L'/');
994 				archive_entry_copy_pathname_w(entry, s.s);
995 				archive_wstring_free(&s);
996 			}
997 		} else {
998 			cp = archive_entry_pathname(entry);
999 			len = (cp != NULL)?strlen(cp):0;
1000 			if (len > 0 && cp[len - 1] != '/') {
1001 				struct archive_string s;
1002 				archive_string_init(&s);
1003 				archive_strcat(&s, cp);
1004 				archive_strappend_char(&s, '/');
1005 				archive_entry_set_pathname(entry, s.s);
1006 				archive_string_free(&s);
1007 			}
1008 		}
1009 	}
1010 
1011 	if (zip_entry->flags & LA_FROM_CENTRAL_DIRECTORY) {
1012 		/* If this came from the central dir, it's size info
1013 		 * is definitive, so ignore the length-at-end flag. */
1014 		zip_entry->zip_flags &= ~ZIP_LENGTH_AT_END;
1015 		/* If local header is missing a value, use the one from
1016 		   the central directory.  If both have it, warn about
1017 		   mismatches. */
1018 		if (zip_entry->crc32 == 0) {
1019 			zip_entry->crc32 = zip_entry_central_dir.crc32;
1020 		} else if (!zip->ignore_crc32
1021 		    && zip_entry->crc32 != zip_entry_central_dir.crc32) {
1022 			archive_set_error(&a->archive,
1023 			    ARCHIVE_ERRNO_FILE_FORMAT,
1024 			    "Inconsistent CRC32 values");
1025 			ret = ARCHIVE_WARN;
1026 		}
1027 		if (zip_entry->compressed_size == 0) {
1028 			zip_entry->compressed_size
1029 			    = zip_entry_central_dir.compressed_size;
1030 		} else if (zip_entry->compressed_size
1031 		    != zip_entry_central_dir.compressed_size) {
1032 			archive_set_error(&a->archive,
1033 			    ARCHIVE_ERRNO_FILE_FORMAT,
1034 			    "Inconsistent compressed size: "
1035 			    "%jd in central directory, %jd in local header",
1036 			    (intmax_t)zip_entry_central_dir.compressed_size,
1037 			    (intmax_t)zip_entry->compressed_size);
1038 			ret = ARCHIVE_WARN;
1039 		}
1040 		if (zip_entry->uncompressed_size == 0) {
1041 			zip_entry->uncompressed_size
1042 			    = zip_entry_central_dir.uncompressed_size;
1043 		} else if (zip_entry->uncompressed_size
1044 		    != zip_entry_central_dir.uncompressed_size) {
1045 			archive_set_error(&a->archive,
1046 			    ARCHIVE_ERRNO_FILE_FORMAT,
1047 			    "Inconsistent uncompressed size: "
1048 			    "%jd in central directory, %jd in local header",
1049 			    (intmax_t)zip_entry_central_dir.uncompressed_size,
1050 			    (intmax_t)zip_entry->uncompressed_size);
1051 			ret = ARCHIVE_WARN;
1052 		}
1053 	}
1054 
1055 	/* Populate some additional entry fields: */
1056 	archive_entry_set_mode(entry, zip_entry->mode);
1057 	archive_entry_set_uid(entry, zip_entry->uid);
1058 	archive_entry_set_gid(entry, zip_entry->gid);
1059 	archive_entry_set_mtime(entry, zip_entry->mtime, 0);
1060 	archive_entry_set_ctime(entry, zip_entry->ctime, 0);
1061 	archive_entry_set_atime(entry, zip_entry->atime, 0);
1062 
1063 	if ((zip->entry->mode & AE_IFMT) == AE_IFLNK) {
1064 		size_t linkname_length;
1065 
1066 		if (zip_entry->compressed_size > 64 * 1024) {
1067 			archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1068 			    "Zip file with oversized link entry");
1069 			return ARCHIVE_FATAL;
1070 		}
1071 
1072 		linkname_length = (size_t)zip_entry->compressed_size;
1073 
1074 		archive_entry_set_size(entry, 0);
1075 		p = __archive_read_ahead(a, linkname_length, NULL);
1076 		if (p == NULL) {
1077 			archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1078 			    "Truncated Zip file");
1079 			return ARCHIVE_FATAL;
1080 		}
1081 
1082 		sconv = zip->sconv;
1083 		if (sconv == NULL && (zip->entry->zip_flags & ZIP_UTF8_NAME))
1084 			sconv = zip->sconv_utf8;
1085 		if (sconv == NULL)
1086 			sconv = zip->sconv_default;
1087 		if (archive_entry_copy_symlink_l(entry, p, linkname_length,
1088 		    sconv) != 0) {
1089 			if (errno != ENOMEM && sconv == zip->sconv_utf8 &&
1090 			    (zip->entry->zip_flags & ZIP_UTF8_NAME))
1091 			    archive_entry_copy_symlink_l(entry, p,
1092 				linkname_length, NULL);
1093 			if (errno == ENOMEM) {
1094 				archive_set_error(&a->archive, ENOMEM,
1095 				    "Can't allocate memory for Symlink");
1096 				return (ARCHIVE_FATAL);
1097 			}
1098 			/*
1099 			 * Since there is no character-set regulation for
1100 			 * symlink name, do not report the conversion error
1101 			 * in an automatic conversion.
1102 			 */
1103 			if (sconv != zip->sconv_utf8 ||
1104 			    (zip->entry->zip_flags & ZIP_UTF8_NAME) == 0) {
1105 				archive_set_error(&a->archive,
1106 				    ARCHIVE_ERRNO_FILE_FORMAT,
1107 				    "Symlink cannot be converted "
1108 				    "from %s to current locale.",
1109 				    archive_string_conversion_charset_name(
1110 					sconv));
1111 				ret = ARCHIVE_WARN;
1112 			}
1113 		}
1114 		zip_entry->uncompressed_size = zip_entry->compressed_size = 0;
1115 
1116 		if (__archive_read_consume(a, linkname_length) < 0) {
1117 			archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1118 			    "Read error skipping symlink target name");
1119 			return ARCHIVE_FATAL;
1120 		}
1121 	} else if (0 == (zip_entry->zip_flags & ZIP_LENGTH_AT_END)
1122 	    || zip_entry->uncompressed_size > 0) {
1123 		/* Set the size only if it's meaningful. */
1124 		archive_entry_set_size(entry, zip_entry->uncompressed_size);
1125 	}
1126 	zip->entry_bytes_remaining = zip_entry->compressed_size;
1127 
1128 	/* If there's no body, force read_data() to return EOF immediately. */
1129 	if (0 == (zip_entry->zip_flags & ZIP_LENGTH_AT_END)
1130 	    && zip->entry_bytes_remaining < 1)
1131 		zip->end_of_entry = 1;
1132 
1133 	/* Set up a more descriptive format name. */
1134         archive_string_empty(&zip->format_name);
1135 	archive_string_sprintf(&zip->format_name, "ZIP %d.%d (%s)",
1136 	    version / 10, version % 10,
1137 	    compression_name(zip->entry->compression));
1138 	a->archive.archive_format_name = zip->format_name.s;
1139 
1140 	return (ret);
1141 }
1142 
1143 static int
1144 check_authentication_code(struct archive_read *a, const void *_p)
1145 {
1146 	struct zip *zip = (struct zip *)(a->format->data);
1147 
1148 	/* Check authentication code. */
1149 	if (zip->hctx_valid) {
1150 		const void *p;
1151 		uint8_t hmac[20];
1152 		size_t hmac_len = 20;
1153 		int cmp;
1154 
1155 		archive_hmac_sha1_final(&zip->hctx, hmac, &hmac_len);
1156 		if (_p == NULL) {
1157 			/* Read authentication code. */
1158 			p = __archive_read_ahead(a, AUTH_CODE_SIZE, NULL);
1159 			if (p == NULL) {
1160 				archive_set_error(&a->archive,
1161 				    ARCHIVE_ERRNO_FILE_FORMAT,
1162 				    "Truncated ZIP file data");
1163 				return (ARCHIVE_FATAL);
1164 			}
1165 		} else {
1166 			p = _p;
1167 		}
1168 		cmp = memcmp(hmac, p, AUTH_CODE_SIZE);
1169 		__archive_read_consume(a, AUTH_CODE_SIZE);
1170 		if (cmp != 0) {
1171 			archive_set_error(&a->archive,
1172 			    ARCHIVE_ERRNO_MISC,
1173 			    "ZIP bad Authentication code");
1174 			return (ARCHIVE_WARN);
1175 		}
1176 	}
1177 	return (ARCHIVE_OK);
1178 }
1179 
1180 /*
1181  * Read "uncompressed" data.  There are three cases:
1182  *  1) We know the size of the data.  This is always true for the
1183  * seeking reader (we've examined the Central Directory already).
1184  *  2) ZIP_LENGTH_AT_END was set, but only the CRC was deferred.
1185  * Info-ZIP seems to do this; we know the size but have to grab
1186  * the CRC from the data descriptor afterwards.
1187  *  3) We're streaming and ZIP_LENGTH_AT_END was specified and
1188  * we have no size information.  In this case, we can do pretty
1189  * well by watching for the data descriptor record.  The data
1190  * descriptor is 16 bytes and includes a computed CRC that should
1191  * provide a strong check.
1192  *
1193  * TODO: Technically, the PK\007\010 signature is optional.
1194  * In the original spec, the data descriptor contained CRC
1195  * and size fields but had no leading signature.  In practice,
1196  * newer writers seem to provide the signature pretty consistently.
1197  *
1198  * For uncompressed data, the PK\007\010 marker seems essential
1199  * to be sure we've actually seen the end of the entry.
1200  *
1201  * Returns ARCHIVE_OK if successful, ARCHIVE_FATAL otherwise, sets
1202  * zip->end_of_entry if it consumes all of the data.
1203  */
1204 static int
1205 zip_read_data_none(struct archive_read *a, const void **_buff,
1206     size_t *size, int64_t *offset)
1207 {
1208 	struct zip *zip;
1209 	const char *buff;
1210 	ssize_t bytes_avail;
1211 	int r;
1212 
1213 	(void)offset; /* UNUSED */
1214 
1215 	zip = (struct zip *)(a->format->data);
1216 
1217 	if (zip->entry->zip_flags & ZIP_LENGTH_AT_END) {
1218 		const char *p;
1219 		ssize_t grabbing_bytes = 24;
1220 
1221 		if (zip->hctx_valid)
1222 			grabbing_bytes += AUTH_CODE_SIZE;
1223 		/* Grab at least 24 bytes. */
1224 		buff = __archive_read_ahead(a, grabbing_bytes, &bytes_avail);
1225 		if (bytes_avail < grabbing_bytes) {
1226 			/* Zip archives have end-of-archive markers
1227 			   that are longer than this, so a failure to get at
1228 			   least 24 bytes really does indicate a truncated
1229 			   file. */
1230 			archive_set_error(&a->archive,
1231 			    ARCHIVE_ERRNO_FILE_FORMAT,
1232 			    "Truncated ZIP file data");
1233 			return (ARCHIVE_FATAL);
1234 		}
1235 		/* Check for a complete PK\007\010 signature, followed
1236 		 * by the correct 4-byte CRC. */
1237 		p = buff;
1238 		if (zip->hctx_valid)
1239 			p += AUTH_CODE_SIZE;
1240 		if (p[0] == 'P' && p[1] == 'K'
1241 		    && p[2] == '\007' && p[3] == '\010'
1242 		    && (archive_le32dec(p + 4) == zip->entry_crc32
1243 			|| zip->ignore_crc32
1244 			|| (zip->hctx_valid
1245 			 && zip->entry->aes_extra.vendor == AES_VENDOR_AE_2))) {
1246 			if (zip->entry->flags & LA_USED_ZIP64) {
1247 				uint64_t compressed, uncompressed;
1248 				zip->entry->crc32 = archive_le32dec(p + 4);
1249 				compressed = archive_le64dec(p + 8);
1250 				uncompressed = archive_le64dec(p + 16);
1251 				if (compressed > INT64_MAX || uncompressed > INT64_MAX) {
1252 					archive_set_error(&a->archive,
1253 					    ARCHIVE_ERRNO_FILE_FORMAT,
1254 					    "Overflow of 64-bit file sizes");
1255 					return ARCHIVE_FAILED;
1256 				}
1257 				zip->entry->compressed_size = compressed;
1258 				zip->entry->uncompressed_size = uncompressed;
1259 				zip->unconsumed = 24;
1260 			} else {
1261 				zip->entry->crc32 = archive_le32dec(p + 4);
1262 				zip->entry->compressed_size =
1263 					archive_le32dec(p + 8);
1264 				zip->entry->uncompressed_size =
1265 					archive_le32dec(p + 12);
1266 				zip->unconsumed = 16;
1267 			}
1268 			if (zip->hctx_valid) {
1269 				r = check_authentication_code(a, buff);
1270 				if (r != ARCHIVE_OK)
1271 					return (r);
1272 			}
1273 			zip->end_of_entry = 1;
1274 			return (ARCHIVE_OK);
1275 		}
1276 		/* If not at EOF, ensure we consume at least one byte. */
1277 		++p;
1278 
1279 		/* Scan forward until we see where a PK\007\010 signature
1280 		 * might be. */
1281 		/* Return bytes up until that point.  On the next call,
1282 		 * the code above will verify the data descriptor. */
1283 		while (p < buff + bytes_avail - 4) {
1284 			if (p[3] == 'P') { p += 3; }
1285 			else if (p[3] == 'K') { p += 2; }
1286 			else if (p[3] == '\007') { p += 1; }
1287 			else if (p[3] == '\010' && p[2] == '\007'
1288 			    && p[1] == 'K' && p[0] == 'P') {
1289 				if (zip->hctx_valid)
1290 					p -= AUTH_CODE_SIZE;
1291 				break;
1292 			} else { p += 4; }
1293 		}
1294 		bytes_avail = p - buff;
1295 	} else {
1296 		if (zip->entry_bytes_remaining == 0) {
1297 			zip->end_of_entry = 1;
1298 			if (zip->hctx_valid) {
1299 				r = check_authentication_code(a, NULL);
1300 				if (r != ARCHIVE_OK)
1301 					return (r);
1302 			}
1303 			return (ARCHIVE_OK);
1304 		}
1305 		/* Grab a bunch of bytes. */
1306 		buff = __archive_read_ahead(a, 1, &bytes_avail);
1307 		if (bytes_avail <= 0) {
1308 			archive_set_error(&a->archive,
1309 			    ARCHIVE_ERRNO_FILE_FORMAT,
1310 			    "Truncated ZIP file data");
1311 			return (ARCHIVE_FATAL);
1312 		}
1313 		if (bytes_avail > zip->entry_bytes_remaining)
1314 			bytes_avail = (ssize_t)zip->entry_bytes_remaining;
1315 	}
1316 	if (zip->tctx_valid || zip->cctx_valid) {
1317 		size_t dec_size = bytes_avail;
1318 
1319 		if (dec_size > zip->decrypted_buffer_size)
1320 			dec_size = zip->decrypted_buffer_size;
1321 		if (zip->tctx_valid) {
1322 			trad_enc_decrypt_update(&zip->tctx,
1323 			    (const uint8_t *)buff, dec_size,
1324 			    zip->decrypted_buffer, dec_size);
1325 		} else {
1326 			size_t dsize = dec_size;
1327 			archive_hmac_sha1_update(&zip->hctx,
1328 			    (const uint8_t *)buff, dec_size);
1329 			archive_decrypto_aes_ctr_update(&zip->cctx,
1330 			    (const uint8_t *)buff, dec_size,
1331 			    zip->decrypted_buffer, &dsize);
1332 		}
1333 		bytes_avail = dec_size;
1334 		buff = (const char *)zip->decrypted_buffer;
1335 	}
1336 	*size = bytes_avail;
1337 	zip->entry_bytes_remaining -= bytes_avail;
1338 	zip->entry_uncompressed_bytes_read += bytes_avail;
1339 	zip->entry_compressed_bytes_read += bytes_avail;
1340 	zip->unconsumed += bytes_avail;
1341 	*_buff = buff;
1342 	return (ARCHIVE_OK);
1343 }
1344 
1345 static int
1346 consume_optional_marker(struct archive_read *a, struct zip *zip)
1347 {
1348 	if (zip->end_of_entry && (zip->entry->zip_flags & ZIP_LENGTH_AT_END)) {
1349 		const char *p;
1350 
1351 		if (NULL == (p = __archive_read_ahead(a, 24, NULL))) {
1352 			archive_set_error(&a->archive,
1353 			    ARCHIVE_ERRNO_FILE_FORMAT,
1354 			    "Truncated ZIP end-of-file record");
1355 			return (ARCHIVE_FATAL);
1356 		}
1357 		/* Consume the optional PK\007\010 marker. */
1358 		if (p[0] == 'P' && p[1] == 'K' &&
1359 		    p[2] == '\007' && p[3] == '\010') {
1360 			p += 4;
1361 			zip->unconsumed = 4;
1362 		}
1363 		if (zip->entry->flags & LA_USED_ZIP64) {
1364 			uint64_t compressed, uncompressed;
1365 			zip->entry->crc32 = archive_le32dec(p);
1366 			compressed = archive_le64dec(p + 4);
1367 			uncompressed = archive_le64dec(p + 12);
1368 			if (compressed > INT64_MAX || uncompressed > INT64_MAX) {
1369 				archive_set_error(&a->archive,
1370 				    ARCHIVE_ERRNO_FILE_FORMAT,
1371 				    "Overflow of 64-bit file sizes");
1372 				return ARCHIVE_FAILED;
1373 			}
1374 			zip->entry->compressed_size = compressed;
1375 			zip->entry->uncompressed_size = uncompressed;
1376 			zip->unconsumed += 20;
1377 		} else {
1378 			zip->entry->crc32 = archive_le32dec(p);
1379 			zip->entry->compressed_size = archive_le32dec(p + 4);
1380 			zip->entry->uncompressed_size = archive_le32dec(p + 8);
1381 			zip->unconsumed += 12;
1382 		}
1383 	}
1384 
1385     return (ARCHIVE_OK);
1386 }
1387 
1388 #if HAVE_LZMA_H && HAVE_LIBLZMA
1389 static int
1390 zipx_xz_init(struct archive_read *a, struct zip *zip)
1391 {
1392 	lzma_ret r;
1393 
1394 	if(zip->zipx_lzma_valid) {
1395 		lzma_end(&zip->zipx_lzma_stream);
1396 		zip->zipx_lzma_valid = 0;
1397 	}
1398 
1399 	memset(&zip->zipx_lzma_stream, 0, sizeof(zip->zipx_lzma_stream));
1400 	r = lzma_stream_decoder(&zip->zipx_lzma_stream, UINT64_MAX, 0);
1401 	if (r != LZMA_OK) {
1402 		archive_set_error(&(a->archive), ARCHIVE_ERRNO_MISC,
1403 		    "xz initialization failed(%d)",
1404 		    r);
1405 
1406 		return (ARCHIVE_FAILED);
1407 	}
1408 
1409 	zip->zipx_lzma_valid = 1;
1410 
1411 	free(zip->uncompressed_buffer);
1412 
1413 	zip->uncompressed_buffer_size = 256 * 1024;
1414 	zip->uncompressed_buffer =
1415 	    (uint8_t*) malloc(zip->uncompressed_buffer_size);
1416 	if (zip->uncompressed_buffer == NULL) {
1417 		archive_set_error(&a->archive, ENOMEM,
1418 		    "No memory for xz decompression");
1419 		    return (ARCHIVE_FATAL);
1420 	}
1421 
1422 	zip->decompress_init = 1;
1423 	return (ARCHIVE_OK);
1424 }
1425 
1426 static int
1427 zipx_lzma_alone_init(struct archive_read *a, struct zip *zip)
1428 {
1429 	lzma_ret r;
1430 	const uint8_t* p;
1431 
1432 #pragma pack(push)
1433 #pragma pack(1)
1434 	struct _alone_header {
1435 	    uint8_t bytes[5];
1436 	    uint64_t uncompressed_size;
1437 	} alone_header;
1438 #pragma pack(pop)
1439 
1440 	/* To unpack ZIPX's "LZMA" (id 14) stream we can use standard liblzma that
1441 	 * is a part of XZ Utils. The stream format stored inside ZIPX file is a
1442 	 * modified "lzma alone" file format, that was used by the `lzma` utility
1443 	 * which was later deprecated in favour of `xz` utility. Since those
1444 	 * formats are nearly the same, we can use a standard "lzma alone" decoder
1445 	 * from XZ Utils. */
1446 
1447 	memset(&zip->zipx_lzma_stream, 0, sizeof(zip->zipx_lzma_stream));
1448 	r = lzma_alone_decoder(&zip->zipx_lzma_stream, UINT64_MAX);
1449 	if (r != LZMA_OK) {
1450 		archive_set_error(&(a->archive), ARCHIVE_ERRNO_MISC,
1451 		    "lzma initialization failed(%d)", r);
1452 
1453 		return (ARCHIVE_FAILED);
1454 	}
1455 
1456 	/* Flag the cleanup function that we want our lzma-related structures
1457 	 * to be freed later. */
1458 	zip->zipx_lzma_valid = 1;
1459 
1460 	/* The "lzma alone" file format and the stream format inside ZIPx are
1461 	 * almost the same. Here's an example of a structure of "lzma alone"
1462 	 * format:
1463 	 *
1464 	 * $ cat /bin/ls | lzma | xxd | head -n 1
1465 	 * 00000000: 5d00 0080 00ff ffff ffff ffff ff00 2814
1466 	 *
1467 	 *    5 bytes        8 bytes        n bytes
1468 	 * <lzma_params><uncompressed_size><data...>
1469 	 *
1470 	 * lzma_params is a 5-byte blob that has to be decoded to extract
1471 	 * parameters of this LZMA stream. The uncompressed_size field is an
1472 	 * uint64_t value that contains information about the size of the
1473 	 * uncompressed file, or UINT64_MAX if this value is unknown. The <data...>
1474 	 * part is the actual lzma-compressed data stream.
1475 	 *
1476 	 * Now here's the structure of the stream inside the ZIPX file:
1477 	 *
1478 	 * $ cat stream_inside_zipx | xxd | head -n 1
1479 	 * 00000000: 0914 0500 5d00 8000 0000 2814 .... ....
1480 	 *
1481 	 *  2byte   2byte    5 bytes     n bytes
1482 	 * <magic1><magic2><lzma_params><data...>
1483 	 *
1484 	 * This means that the ZIPX file contains an additional magic1 and magic2
1485 	 * headers, the lzma_params field contains the same parameter set as in the
1486 	 * "lzma alone" format, and the <data...> field is the same as in the "lzma
1487 	 * alone" format as well. Note that also the zipx format is missing the
1488 	 * uncompressed_size field.
1489 	 *
1490 	 * So, in order to use the "lzma alone" decoder for the zipx lzma stream,
1491 	 * we simply need to shuffle around some fields, prepare a new lzma alone
1492 	 * header, feed it into lzma alone decoder so it will initialize itself
1493 	 * properly, and then we can start feeding normal zipx lzma stream into the
1494 	 * decoder.
1495 	 */
1496 
1497 	/* Read magic1,magic2,lzma_params from the ZIPX stream. */
1498 	if((p = __archive_read_ahead(a, 9, NULL)) == NULL) {
1499 		archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1500 		    "Truncated lzma data");
1501 		return (ARCHIVE_FATAL);
1502 	}
1503 
1504 	if(p[2] != 0x05 || p[3] != 0x00) {
1505 		archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1506 		    "Invalid lzma data");
1507 		return (ARCHIVE_FATAL);
1508 	}
1509 
1510 	/* Prepare an lzma alone header: copy the lzma_params blob into a proper
1511 	 * place into the lzma alone header. */
1512 	memcpy(&alone_header.bytes[0], p + 4, 5);
1513 
1514 	/* Initialize the 'uncompressed size' field to unknown; we'll manually
1515 	 * monitor how many bytes there are still to be uncompressed. */
1516 	alone_header.uncompressed_size = UINT64_MAX;
1517 
1518 	if(!zip->uncompressed_buffer) {
1519 		zip->uncompressed_buffer_size = 256 * 1024;
1520 		zip->uncompressed_buffer =
1521 			(uint8_t*) malloc(zip->uncompressed_buffer_size);
1522 
1523 		if (zip->uncompressed_buffer == NULL) {
1524 			archive_set_error(&a->archive, ENOMEM,
1525 			    "No memory for lzma decompression");
1526 			return (ARCHIVE_FATAL);
1527 		}
1528 	}
1529 
1530 	zip->zipx_lzma_stream.next_in = (void*) &alone_header;
1531 	zip->zipx_lzma_stream.avail_in = sizeof(alone_header);
1532 	zip->zipx_lzma_stream.total_in = 0;
1533 	zip->zipx_lzma_stream.next_out = zip->uncompressed_buffer;
1534 	zip->zipx_lzma_stream.avail_out = zip->uncompressed_buffer_size;
1535 	zip->zipx_lzma_stream.total_out = 0;
1536 
1537 	/* Feed only the header into the lzma alone decoder. This will effectively
1538 	 * initialize the decoder, and will not produce any output bytes yet. */
1539 	r = lzma_code(&zip->zipx_lzma_stream, LZMA_RUN);
1540 	if (r != LZMA_OK) {
1541 		archive_set_error(&a->archive, ARCHIVE_ERRNO_PROGRAMMER,
1542 		    "lzma stream initialization error");
1543 		return ARCHIVE_FATAL;
1544 	}
1545 
1546 	/* We've already consumed some bytes, so take this into account. */
1547 	__archive_read_consume(a, 9);
1548 	zip->entry_bytes_remaining -= 9;
1549 	zip->entry_compressed_bytes_read += 9;
1550 
1551 	zip->decompress_init = 1;
1552 	return (ARCHIVE_OK);
1553 }
1554 
1555 static int
1556 zip_read_data_zipx_xz(struct archive_read *a, const void **buff,
1557 	size_t *size, int64_t *offset)
1558 {
1559 	struct zip* zip = (struct zip *)(a->format->data);
1560 	int ret;
1561 	lzma_ret lz_ret;
1562 	const void* compressed_buf;
1563 	ssize_t bytes_avail, in_bytes, to_consume = 0;
1564 
1565 	(void) offset; /* UNUSED */
1566 
1567 	/* Initialize decompressor if not yet initialized. */
1568 	if (!zip->decompress_init) {
1569 		ret = zipx_xz_init(a, zip);
1570 		if (ret != ARCHIVE_OK)
1571 			return (ret);
1572 	}
1573 
1574 	compressed_buf = __archive_read_ahead(a, 1, &bytes_avail);
1575 	if (bytes_avail < 0) {
1576 		archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1577 		    "Truncated xz file body");
1578 		return (ARCHIVE_FATAL);
1579 	}
1580 
1581 	in_bytes = zipmin(zip->entry_bytes_remaining, bytes_avail);
1582 	zip->zipx_lzma_stream.next_in = compressed_buf;
1583 	zip->zipx_lzma_stream.avail_in = in_bytes;
1584 	zip->zipx_lzma_stream.total_in = 0;
1585 	zip->zipx_lzma_stream.next_out = zip->uncompressed_buffer;
1586 	zip->zipx_lzma_stream.avail_out = zip->uncompressed_buffer_size;
1587 	zip->zipx_lzma_stream.total_out = 0;
1588 
1589 	/* Perform the decompression. */
1590 	lz_ret = lzma_code(&zip->zipx_lzma_stream, LZMA_RUN);
1591 	switch(lz_ret) {
1592 		case LZMA_DATA_ERROR:
1593 			archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1594 			    "xz data error (error %d)", (int) lz_ret);
1595 			return (ARCHIVE_FATAL);
1596 
1597 		case LZMA_NO_CHECK:
1598 		case LZMA_OK:
1599 			break;
1600 
1601 		default:
1602 			archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1603 			    "xz unknown error %d", (int) lz_ret);
1604 			return (ARCHIVE_FATAL);
1605 
1606 		case LZMA_STREAM_END:
1607 			lzma_end(&zip->zipx_lzma_stream);
1608 			zip->zipx_lzma_valid = 0;
1609 
1610 			if((int64_t) zip->zipx_lzma_stream.total_in !=
1611 			    zip->entry_bytes_remaining)
1612 			{
1613 				archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1614 				    "xz premature end of stream");
1615 				return (ARCHIVE_FATAL);
1616 			}
1617 
1618 			zip->end_of_entry = 1;
1619 			break;
1620 	}
1621 
1622 	to_consume = zip->zipx_lzma_stream.total_in;
1623 
1624 	__archive_read_consume(a, to_consume);
1625 	zip->entry_bytes_remaining -= to_consume;
1626 	zip->entry_compressed_bytes_read += to_consume;
1627 	zip->entry_uncompressed_bytes_read += zip->zipx_lzma_stream.total_out;
1628 
1629 	*size = zip->zipx_lzma_stream.total_out;
1630 	*buff = zip->uncompressed_buffer;
1631 
1632 	ret = consume_optional_marker(a, zip);
1633 	if (ret != ARCHIVE_OK)
1634 		return (ret);
1635 
1636 	return (ARCHIVE_OK);
1637 }
1638 
1639 static int
1640 zip_read_data_zipx_lzma_alone(struct archive_read *a, const void **buff,
1641     size_t *size, int64_t *offset)
1642 {
1643 	struct zip* zip = (struct zip *)(a->format->data);
1644 	int ret;
1645 	lzma_ret lz_ret;
1646 	const void* compressed_buf;
1647 	ssize_t bytes_avail, in_bytes, to_consume;
1648 
1649 	(void) offset; /* UNUSED */
1650 
1651 	/* Initialize decompressor if not yet initialized. */
1652 	if (!zip->decompress_init) {
1653 		ret = zipx_lzma_alone_init(a, zip);
1654 		if (ret != ARCHIVE_OK)
1655 			return (ret);
1656 	}
1657 
1658 	/* Fetch more compressed data. The same note as in deflate handler applies
1659 	 * here as well:
1660 	 *
1661 	 * Note: '1' here is a performance optimization. Recall that the
1662 	 * decompression layer returns a count of available bytes; asking for more
1663 	 * than that forces the decompressor to combine reads by copying data.
1664 	 */
1665 	compressed_buf = __archive_read_ahead(a, 1, &bytes_avail);
1666 	if (bytes_avail < 0) {
1667 		archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1668 		    "Truncated lzma file body");
1669 		return (ARCHIVE_FATAL);
1670 	}
1671 
1672 	/* Set decompressor parameters. */
1673 	in_bytes = zipmin(zip->entry_bytes_remaining, bytes_avail);
1674 
1675 	zip->zipx_lzma_stream.next_in = compressed_buf;
1676 	zip->zipx_lzma_stream.avail_in = in_bytes;
1677 	zip->zipx_lzma_stream.total_in = 0;
1678 	zip->zipx_lzma_stream.next_out = zip->uncompressed_buffer;
1679 	zip->zipx_lzma_stream.avail_out =
1680 		/* These lzma_alone streams lack end of stream marker, so let's make
1681 		 * sure the unpacker won't try to unpack more than it's supposed to. */
1682 		zipmin((int64_t) zip->uncompressed_buffer_size,
1683 		    zip->entry->uncompressed_size -
1684 		    zip->entry_uncompressed_bytes_read);
1685 	zip->zipx_lzma_stream.total_out = 0;
1686 
1687 	/* Perform the decompression. */
1688 	lz_ret = lzma_code(&zip->zipx_lzma_stream, LZMA_RUN);
1689 	switch(lz_ret) {
1690 		case LZMA_DATA_ERROR:
1691 			archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1692 			    "lzma data error (error %d)", (int) lz_ret);
1693 			return (ARCHIVE_FATAL);
1694 
1695 		case LZMA_OK:
1696 			break;
1697 
1698 		default:
1699 			archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1700 			    "lzma unknown error %d", (int) lz_ret);
1701 			return (ARCHIVE_FATAL);
1702 	}
1703 
1704 	to_consume = zip->zipx_lzma_stream.total_in;
1705 
1706 	/* Update pointers. */
1707 	__archive_read_consume(a, to_consume);
1708 	zip->entry_bytes_remaining -= to_consume;
1709 	zip->entry_compressed_bytes_read += to_consume;
1710 	zip->entry_uncompressed_bytes_read += zip->zipx_lzma_stream.total_out;
1711 
1712 	if(zip->entry_bytes_remaining == 0) {
1713 		zip->end_of_entry = 1;
1714 	}
1715 
1716 	/* Return values. */
1717 	*size = zip->zipx_lzma_stream.total_out;
1718 	*buff = zip->uncompressed_buffer;
1719 
1720 	/* Behave the same way as during deflate decompression. */
1721 	ret = consume_optional_marker(a, zip);
1722 	if (ret != ARCHIVE_OK)
1723 		return (ret);
1724 
1725 	/* Free lzma decoder handle because we'll no longer need it. */
1726 	if(zip->end_of_entry) {
1727 		lzma_end(&zip->zipx_lzma_stream);
1728 		zip->zipx_lzma_valid = 0;
1729 	}
1730 
1731 	/* If we're here, then we're good! */
1732 	return (ARCHIVE_OK);
1733 }
1734 #endif /* HAVE_LZMA_H && HAVE_LIBLZMA */
1735 
1736 static int
1737 zipx_ppmd8_init(struct archive_read *a, struct zip *zip)
1738 {
1739 	const void* p;
1740 	uint32_t val;
1741 	uint32_t order;
1742 	uint32_t mem;
1743 	uint32_t restore_method;
1744 
1745 	/* Remove previous decompression context if it exists. */
1746 	if(zip->ppmd8_valid) {
1747 		__archive_ppmd8_functions.Ppmd8_Free(&zip->ppmd8);
1748 		zip->ppmd8_valid = 0;
1749 	}
1750 
1751 	/* Create a new decompression context. */
1752 	__archive_ppmd8_functions.Ppmd8_Construct(&zip->ppmd8);
1753 
1754 	/* Setup function pointers required by Ppmd8 decompressor. The
1755 	 * 'ppmd_read' function will feed new bytes to the decompressor,
1756 	 * and will increment the 'zip->zipx_ppmd_read_compressed' counter. */
1757 	zip->ppmd8.Stream.In = &zip->zipx_ppmd_stream;
1758 	zip->zipx_ppmd_stream.a = a;
1759 	zip->zipx_ppmd_stream.Read = &ppmd_read;
1760 
1761 	/* Reset number of read bytes to 0. */
1762 	zip->zipx_ppmd_read_compressed = 0;
1763 
1764 	/* Read Ppmd8 header (2 bytes). */
1765 	p = __archive_read_ahead(a, 2, NULL);
1766 	if(!p) {
1767 		archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1768 		    "Truncated file data in PPMd8 stream");
1769 		return (ARCHIVE_FATAL);
1770 	}
1771 	__archive_read_consume(a, 2);
1772 
1773 	/* Decode the stream's compression parameters. */
1774 	val = archive_le16dec(p);
1775 	order = (val & 15) + 1;
1776 	mem = ((val >> 4) & 0xff) + 1;
1777 	restore_method = (val >> 12);
1778 
1779 	if(order < 2 || restore_method > 2) {
1780 		archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1781 		    "Invalid parameter set in PPMd8 stream (order=%d, "
1782 		    "restore=%d)", order, restore_method);
1783 		return (ARCHIVE_FAILED);
1784 	}
1785 
1786 	/* Allocate the memory needed to properly decompress the file. */
1787 	if(!__archive_ppmd8_functions.Ppmd8_Alloc(&zip->ppmd8, mem << 20)) {
1788 		archive_set_error(&a->archive, ENOMEM,
1789 		    "Unable to allocate memory for PPMd8 stream: %d bytes",
1790 		    mem << 20);
1791 		return (ARCHIVE_FATAL);
1792 	}
1793 
1794 	/* Signal the cleanup function to release Ppmd8 context in the
1795 	 * cleanup phase. */
1796 	zip->ppmd8_valid = 1;
1797 
1798 	/* Perform further Ppmd8 initialization. */
1799 	if(!__archive_ppmd8_functions.Ppmd8_RangeDec_Init(&zip->ppmd8)) {
1800 		archive_set_error(&a->archive, ARCHIVE_ERRNO_PROGRAMMER,
1801 		    "PPMd8 stream range decoder initialization error");
1802 		return (ARCHIVE_FATAL);
1803 	}
1804 
1805 	__archive_ppmd8_functions.Ppmd8_Init(&zip->ppmd8, order, restore_method);
1806 
1807 	/* Allocate the buffer that will hold uncompressed data. */
1808 	free(zip->uncompressed_buffer);
1809 
1810 	zip->uncompressed_buffer_size = 256 * 1024;
1811 	zip->uncompressed_buffer =
1812 	    (uint8_t*) malloc(zip->uncompressed_buffer_size);
1813 
1814 	if(zip->uncompressed_buffer == NULL) {
1815 		archive_set_error(&a->archive, ENOMEM,
1816 		    "No memory for PPMd8 decompression");
1817 		return ARCHIVE_FATAL;
1818 	}
1819 
1820 	/* Ppmd8 initialization is done. */
1821 	zip->decompress_init = 1;
1822 
1823 	/* We've already read 2 bytes in the output stream. Additionally,
1824 	 * Ppmd8 initialization code could read some data as well. So we
1825 	 * are advancing the stream by 2 bytes plus whatever number of
1826 	 * bytes Ppmd8 init function used. */
1827 	zip->entry_compressed_bytes_read += 2 + zip->zipx_ppmd_read_compressed;
1828 
1829 	return ARCHIVE_OK;
1830 }
1831 
1832 static int
1833 zip_read_data_zipx_ppmd(struct archive_read *a, const void **buff,
1834     size_t *size, int64_t *offset)
1835 {
1836 	struct zip* zip = (struct zip *)(a->format->data);
1837 	int ret;
1838 	size_t consumed_bytes = 0;
1839 	ssize_t bytes_avail = 0;
1840 
1841 	(void) offset; /* UNUSED */
1842 
1843 	/* If we're here for the first time, initialize Ppmd8 decompression
1844 	 * context first. */
1845 	if(!zip->decompress_init) {
1846 		ret = zipx_ppmd8_init(a, zip);
1847 		if(ret != ARCHIVE_OK)
1848 			return ret;
1849 	}
1850 
1851 	/* Fetch for more data. We're reading 1 byte here, but libarchive should
1852 	 * prefetch more bytes. */
1853 	(void) __archive_read_ahead(a, 1, &bytes_avail);
1854 	if(bytes_avail < 0) {
1855 		archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1856 		    "Truncated PPMd8 file body");
1857 		return (ARCHIVE_FATAL);
1858 	}
1859 
1860 	/* This counter will be updated inside ppmd_read(), which at one
1861 	 * point will be called by Ppmd8_DecodeSymbol. */
1862 	zip->zipx_ppmd_read_compressed = 0;
1863 
1864 	/* Decompression loop. */
1865 	do {
1866 		int sym = __archive_ppmd8_functions.Ppmd8_DecodeSymbol(&zip->ppmd8);
1867 		if(sym < 0) {
1868 			zip->end_of_entry = 1;
1869 			break;
1870 		}
1871 
1872 		zip->uncompressed_buffer[consumed_bytes] = (uint8_t) sym;
1873 		++consumed_bytes;
1874 	} while(consumed_bytes < zip->uncompressed_buffer_size);
1875 
1876 	/* Update pointers for libarchive. */
1877 	*buff = zip->uncompressed_buffer;
1878 	*size = consumed_bytes;
1879 
1880 	/* Update pointers so we can continue decompression in another call. */
1881 	zip->entry_bytes_remaining -= zip->zipx_ppmd_read_compressed;
1882 	zip->entry_compressed_bytes_read += zip->zipx_ppmd_read_compressed;
1883 	zip->entry_uncompressed_bytes_read += consumed_bytes;
1884 
1885 	/* If we're at the end of stream, deinitialize Ppmd8 context. */
1886 	if(zip->end_of_entry) {
1887 		__archive_ppmd8_functions.Ppmd8_Free(&zip->ppmd8);
1888 		zip->ppmd8_valid = 0;
1889 	}
1890 
1891 	/* Seek for optional marker, same way as in each zip entry. */
1892 	ret = consume_optional_marker(a, zip);
1893 	if (ret != ARCHIVE_OK)
1894 		return ret;
1895 
1896 	return ARCHIVE_OK;
1897 }
1898 
1899 #ifdef HAVE_BZLIB_H
1900 static int
1901 zipx_bzip2_init(struct archive_read *a, struct zip *zip)
1902 {
1903 	int r;
1904 
1905 	/* Deallocate already existing BZ2 decompression context if it
1906 	 * exists. */
1907 	if(zip->bzstream_valid) {
1908 		BZ2_bzDecompressEnd(&zip->bzstream);
1909 		zip->bzstream_valid = 0;
1910 	}
1911 
1912 	/* Allocate a new BZ2 decompression context. */
1913 	memset(&zip->bzstream, 0, sizeof(bz_stream));
1914 	r = BZ2_bzDecompressInit(&zip->bzstream, 0, 1);
1915 	if(r != BZ_OK) {
1916 		archive_set_error(&(a->archive), ARCHIVE_ERRNO_MISC,
1917 		    "bzip2 initialization failed(%d)",
1918 		    r);
1919 
1920 		return ARCHIVE_FAILED;
1921 	}
1922 
1923 	/* Mark the bzstream field to be released in cleanup phase. */
1924 	zip->bzstream_valid = 1;
1925 
1926 	/* (Re)allocate the buffer that will contain decompressed bytes. */
1927 	free(zip->uncompressed_buffer);
1928 
1929 	zip->uncompressed_buffer_size = 256 * 1024;
1930 	zip->uncompressed_buffer =
1931 	    (uint8_t*) malloc(zip->uncompressed_buffer_size);
1932 	if (zip->uncompressed_buffer == NULL) {
1933 		archive_set_error(&a->archive, ENOMEM,
1934 		    "No memory for bzip2 decompression");
1935 		    return ARCHIVE_FATAL;
1936 	}
1937 
1938 	/* Initialization done. */
1939 	zip->decompress_init = 1;
1940 	return ARCHIVE_OK;
1941 }
1942 
1943 static int
1944 zip_read_data_zipx_bzip2(struct archive_read *a, const void **buff,
1945     size_t *size, int64_t *offset)
1946 {
1947 	struct zip *zip = (struct zip *)(a->format->data);
1948 	ssize_t bytes_avail = 0, in_bytes, to_consume;
1949 	const void *compressed_buff;
1950 	int r;
1951 	uint64_t total_out;
1952 
1953 	(void) offset; /* UNUSED */
1954 
1955 	/* Initialize decompression context if we're here for the first time. */
1956 	if(!zip->decompress_init) {
1957 		r = zipx_bzip2_init(a, zip);
1958 		if(r != ARCHIVE_OK)
1959 			return r;
1960 	}
1961 
1962 	/* Fetch more compressed bytes. */
1963 	compressed_buff = __archive_read_ahead(a, 1, &bytes_avail);
1964 	if(bytes_avail < 0) {
1965 		archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1966 		    "Truncated bzip2 file body");
1967 		return (ARCHIVE_FATAL);
1968 	}
1969 
1970 	in_bytes = zipmin(zip->entry_bytes_remaining, bytes_avail);
1971 
1972 	/* Setup buffer boundaries. */
1973 	zip->bzstream.next_in = (char*)(uintptr_t) compressed_buff;
1974 	zip->bzstream.avail_in = in_bytes;
1975 	zip->bzstream.total_in_hi32 = 0;
1976 	zip->bzstream.total_in_lo32 = 0;
1977 	zip->bzstream.next_out = (char*) zip->uncompressed_buffer;
1978 	zip->bzstream.avail_out = zip->uncompressed_buffer_size;
1979 	zip->bzstream.total_out_hi32 = 0;
1980 	zip->bzstream.total_out_lo32 = 0;
1981 
1982 	/* Perform the decompression. */
1983 	r = BZ2_bzDecompress(&zip->bzstream);
1984 	switch(r) {
1985 		case BZ_STREAM_END:
1986 			/* If we're at the end of the stream, deinitialize the
1987 			 * decompression context now. */
1988 			switch(BZ2_bzDecompressEnd(&zip->bzstream)) {
1989 				case BZ_OK:
1990 					break;
1991 				default:
1992 					archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1993 					    "Failed to clean up bzip2 decompressor");
1994 					return ARCHIVE_FATAL;
1995 			}
1996 
1997 			zip->end_of_entry = 1;
1998 			break;
1999 		case BZ_OK:
2000 			/* The decompressor has successfully decoded this chunk of
2001 			 * data, but more data is still in queue. */
2002 			break;
2003 		default:
2004 			archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
2005 			    "bzip2 decompression failed");
2006 			return ARCHIVE_FATAL;
2007 	}
2008 
2009 	/* Update the pointers so decompressor can continue decoding. */
2010 	to_consume = zip->bzstream.total_in_lo32;
2011 	__archive_read_consume(a, to_consume);
2012 
2013 	total_out = ((uint64_t) zip->bzstream.total_out_hi32 << 32) +
2014 	    zip->bzstream.total_out_lo32;
2015 
2016 	zip->entry_bytes_remaining -= to_consume;
2017 	zip->entry_compressed_bytes_read += to_consume;
2018 	zip->entry_uncompressed_bytes_read += total_out;
2019 
2020 	/* Give libarchive its due. */
2021 	*size = total_out;
2022 	*buff = zip->uncompressed_buffer;
2023 
2024 	/* Seek for optional marker, like in other entries. */
2025 	r = consume_optional_marker(a, zip);
2026 	if(r != ARCHIVE_OK)
2027 		return r;
2028 
2029 	return ARCHIVE_OK;
2030 }
2031 
2032 #endif
2033 
2034 #ifdef HAVE_ZLIB_H
2035 static int
2036 zip_deflate_init(struct archive_read *a, struct zip *zip)
2037 {
2038 	int r;
2039 
2040 	/* If we haven't yet read any data, initialize the decompressor. */
2041 	if (!zip->decompress_init) {
2042 		if (zip->stream_valid)
2043 			r = inflateReset(&zip->stream);
2044 		else
2045 			r = inflateInit2(&zip->stream,
2046 			    -15 /* Don't check for zlib header */);
2047 		if (r != Z_OK) {
2048 			archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
2049 			    "Can't initialize ZIP decompression.");
2050 			return (ARCHIVE_FATAL);
2051 		}
2052 		/* Stream structure has been set up. */
2053 		zip->stream_valid = 1;
2054 		/* We've initialized decompression for this stream. */
2055 		zip->decompress_init = 1;
2056 	}
2057 	return (ARCHIVE_OK);
2058 }
2059 
2060 static int
2061 zip_read_data_deflate(struct archive_read *a, const void **buff,
2062     size_t *size, int64_t *offset)
2063 {
2064 	struct zip *zip;
2065 	ssize_t bytes_avail;
2066 	const void *compressed_buff, *sp;
2067 	int r;
2068 
2069 	(void)offset; /* UNUSED */
2070 
2071 	zip = (struct zip *)(a->format->data);
2072 
2073 	/* If the buffer hasn't been allocated, allocate it now. */
2074 	if (zip->uncompressed_buffer == NULL) {
2075 		zip->uncompressed_buffer_size = 256 * 1024;
2076 		zip->uncompressed_buffer
2077 		    = (unsigned char *)malloc(zip->uncompressed_buffer_size);
2078 		if (zip->uncompressed_buffer == NULL) {
2079 			archive_set_error(&a->archive, ENOMEM,
2080 			    "No memory for ZIP decompression");
2081 			return (ARCHIVE_FATAL);
2082 		}
2083 	}
2084 
2085 	r = zip_deflate_init(a, zip);
2086 	if (r != ARCHIVE_OK)
2087 		return (r);
2088 
2089 	/*
2090 	 * Note: '1' here is a performance optimization.
2091 	 * Recall that the decompression layer returns a count of
2092 	 * available bytes; asking for more than that forces the
2093 	 * decompressor to combine reads by copying data.
2094 	 */
2095 	compressed_buff = sp = __archive_read_ahead(a, 1, &bytes_avail);
2096 	if (0 == (zip->entry->zip_flags & ZIP_LENGTH_AT_END)
2097 	    && bytes_avail > zip->entry_bytes_remaining) {
2098 		bytes_avail = (ssize_t)zip->entry_bytes_remaining;
2099 	}
2100 	if (bytes_avail < 0) {
2101 		archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2102 		    "Truncated ZIP file body");
2103 		return (ARCHIVE_FATAL);
2104 	}
2105 
2106 	if (zip->tctx_valid || zip->cctx_valid) {
2107 		if (zip->decrypted_bytes_remaining < (size_t)bytes_avail) {
2108 			size_t buff_remaining =
2109 			    (zip->decrypted_buffer + zip->decrypted_buffer_size)
2110 			    - (zip->decrypted_ptr + zip->decrypted_bytes_remaining);
2111 
2112 			if (buff_remaining > (size_t)bytes_avail)
2113 				buff_remaining = (size_t)bytes_avail;
2114 
2115 			if (0 == (zip->entry->zip_flags & ZIP_LENGTH_AT_END) &&
2116 			      zip->entry_bytes_remaining > 0) {
2117 				if ((int64_t)(zip->decrypted_bytes_remaining
2118 				    + buff_remaining)
2119 				      > zip->entry_bytes_remaining) {
2120 					if (zip->entry_bytes_remaining <
2121 					      (int64_t)zip->decrypted_bytes_remaining)
2122 						buff_remaining = 0;
2123 					else
2124 						buff_remaining =
2125 						    (size_t)zip->entry_bytes_remaining
2126 						      - zip->decrypted_bytes_remaining;
2127 				}
2128 			}
2129 			if (buff_remaining > 0) {
2130 				if (zip->tctx_valid) {
2131 					trad_enc_decrypt_update(&zip->tctx,
2132 					    compressed_buff, buff_remaining,
2133 					    zip->decrypted_ptr
2134 					      + zip->decrypted_bytes_remaining,
2135 					    buff_remaining);
2136 				} else {
2137 					size_t dsize = buff_remaining;
2138 					archive_decrypto_aes_ctr_update(
2139 					    &zip->cctx,
2140 					    compressed_buff, buff_remaining,
2141 					    zip->decrypted_ptr
2142 					      + zip->decrypted_bytes_remaining,
2143 					    &dsize);
2144 				}
2145 				zip->decrypted_bytes_remaining += buff_remaining;
2146 			}
2147 		}
2148 		bytes_avail = zip->decrypted_bytes_remaining;
2149 		compressed_buff = (const char *)zip->decrypted_ptr;
2150 	}
2151 
2152 	/*
2153 	 * A bug in zlib.h: stream.next_in should be marked 'const'
2154 	 * but isn't (the library never alters data through the
2155 	 * next_in pointer, only reads it).  The result: this ugly
2156 	 * cast to remove 'const'.
2157 	 */
2158 	zip->stream.next_in = (Bytef *)(uintptr_t)(const void *)compressed_buff;
2159 	zip->stream.avail_in = (uInt)bytes_avail;
2160 	zip->stream.total_in = 0;
2161 	zip->stream.next_out = zip->uncompressed_buffer;
2162 	zip->stream.avail_out = (uInt)zip->uncompressed_buffer_size;
2163 	zip->stream.total_out = 0;
2164 
2165 	r = inflate(&zip->stream, 0);
2166 	switch (r) {
2167 	case Z_OK:
2168 		break;
2169 	case Z_STREAM_END:
2170 		zip->end_of_entry = 1;
2171 		break;
2172 	case Z_MEM_ERROR:
2173 		archive_set_error(&a->archive, ENOMEM,
2174 		    "Out of memory for ZIP decompression");
2175 		return (ARCHIVE_FATAL);
2176 	default:
2177 		archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
2178 		    "ZIP decompression failed (%d)", r);
2179 		return (ARCHIVE_FATAL);
2180 	}
2181 
2182 	/* Consume as much as the compressor actually used. */
2183 	bytes_avail = zip->stream.total_in;
2184 	if (zip->tctx_valid || zip->cctx_valid) {
2185 		zip->decrypted_bytes_remaining -= bytes_avail;
2186 		if (zip->decrypted_bytes_remaining == 0)
2187 			zip->decrypted_ptr = zip->decrypted_buffer;
2188 		else
2189 			zip->decrypted_ptr += bytes_avail;
2190 	}
2191 	/* Calculate compressed data as much as we used.*/
2192 	if (zip->hctx_valid)
2193 		archive_hmac_sha1_update(&zip->hctx, sp, bytes_avail);
2194 	__archive_read_consume(a, bytes_avail);
2195 	zip->entry_bytes_remaining -= bytes_avail;
2196 	zip->entry_compressed_bytes_read += bytes_avail;
2197 
2198 	*size = zip->stream.total_out;
2199 	zip->entry_uncompressed_bytes_read += zip->stream.total_out;
2200 	*buff = zip->uncompressed_buffer;
2201 
2202 	if (zip->end_of_entry && zip->hctx_valid) {
2203 		r = check_authentication_code(a, NULL);
2204 		if (r != ARCHIVE_OK)
2205 			return (r);
2206 	}
2207 
2208 	r = consume_optional_marker(a, zip);
2209 	if (r != ARCHIVE_OK)
2210 		return (r);
2211 
2212 	return (ARCHIVE_OK);
2213 }
2214 #endif
2215 
2216 static int
2217 read_decryption_header(struct archive_read *a)
2218 {
2219 	struct zip *zip = (struct zip *)(a->format->data);
2220 	const char *p;
2221 	unsigned int remaining_size;
2222 	unsigned int ts;
2223 
2224 	/*
2225 	 * Read an initialization vector data field.
2226 	 */
2227 	p = __archive_read_ahead(a, 2, NULL);
2228 	if (p == NULL)
2229 		goto truncated;
2230 	ts = zip->iv_size;
2231 	zip->iv_size = archive_le16dec(p);
2232 	__archive_read_consume(a, 2);
2233 	if (ts < zip->iv_size) {
2234 		free(zip->iv);
2235 		zip->iv = NULL;
2236 	}
2237 	p = __archive_read_ahead(a, zip->iv_size, NULL);
2238 	if (p == NULL)
2239 		goto truncated;
2240 	if (zip->iv == NULL) {
2241 		zip->iv = malloc(zip->iv_size);
2242 		if (zip->iv == NULL)
2243 			goto nomem;
2244 	}
2245 	memcpy(zip->iv, p, zip->iv_size);
2246 	__archive_read_consume(a, zip->iv_size);
2247 
2248 	/*
2249 	 * Read a size of remaining decryption header field.
2250 	 */
2251 	p = __archive_read_ahead(a, 14, NULL);
2252 	if (p == NULL)
2253 		goto truncated;
2254 	remaining_size = archive_le32dec(p);
2255 	if (remaining_size < 16 || remaining_size > (1 << 18))
2256 		goto corrupted;
2257 
2258 	/* Check if format version is supported. */
2259 	if (archive_le16dec(p+4) != 3) {
2260 		archive_set_error(&a->archive,
2261 		    ARCHIVE_ERRNO_FILE_FORMAT,
2262 		    "Unsupported encryption format version: %u",
2263 		    archive_le16dec(p+4));
2264 		return (ARCHIVE_FAILED);
2265 	}
2266 
2267 	/*
2268 	 * Read an encryption algorithm field.
2269 	 */
2270 	zip->alg_id = archive_le16dec(p+6);
2271 	switch (zip->alg_id) {
2272 	case 0x6601:/* DES */
2273 	case 0x6602:/* RC2 */
2274 	case 0x6603:/* 3DES 168 */
2275 	case 0x6609:/* 3DES 112 */
2276 	case 0x660E:/* AES 128 */
2277 	case 0x660F:/* AES 192 */
2278 	case 0x6610:/* AES 256 */
2279 	case 0x6702:/* RC2 (version >= 5.2) */
2280 	case 0x6720:/* Blowfish */
2281 	case 0x6721:/* Twofish */
2282 	case 0x6801:/* RC4 */
2283 		/* Supported encryption algorithm. */
2284 		break;
2285 	default:
2286 		archive_set_error(&a->archive,
2287 		    ARCHIVE_ERRNO_FILE_FORMAT,
2288 		    "Unknown encryption algorithm: %u", zip->alg_id);
2289 		return (ARCHIVE_FAILED);
2290 	}
2291 
2292 	/*
2293 	 * Read a bit length field.
2294 	 */
2295 	zip->bit_len = archive_le16dec(p+8);
2296 
2297 	/*
2298 	 * Read a flags field.
2299 	 */
2300 	zip->flags = archive_le16dec(p+10);
2301 	switch (zip->flags & 0xf000) {
2302 	case 0x0001: /* Password is required to decrypt. */
2303 	case 0x0002: /* Certificates only. */
2304 	case 0x0003: /* Password or certificate required to decrypt. */
2305 		break;
2306 	default:
2307 		archive_set_error(&a->archive,
2308 		    ARCHIVE_ERRNO_FILE_FORMAT,
2309 		    "Unknown encryption flag: %u", zip->flags);
2310 		return (ARCHIVE_FAILED);
2311 	}
2312 	if ((zip->flags & 0xf000) == 0 ||
2313 	    (zip->flags & 0xf000) == 0x4000) {
2314 		archive_set_error(&a->archive,
2315 		    ARCHIVE_ERRNO_FILE_FORMAT,
2316 		    "Unknown encryption flag: %u", zip->flags);
2317 		return (ARCHIVE_FAILED);
2318 	}
2319 
2320 	/*
2321 	 * Read an encrypted random data field.
2322 	 */
2323 	ts = zip->erd_size;
2324 	zip->erd_size = archive_le16dec(p+12);
2325 	__archive_read_consume(a, 14);
2326 	if ((zip->erd_size & 0xf) != 0 ||
2327 	    (zip->erd_size + 16) > remaining_size ||
2328 	    (zip->erd_size + 16) < zip->erd_size)
2329 		goto corrupted;
2330 
2331 	if (ts < zip->erd_size) {
2332 		free(zip->erd);
2333 		zip->erd = NULL;
2334 	}
2335 	p = __archive_read_ahead(a, zip->erd_size, NULL);
2336 	if (p == NULL)
2337 		goto truncated;
2338 	if (zip->erd == NULL) {
2339 		zip->erd = malloc(zip->erd_size);
2340 		if (zip->erd == NULL)
2341 			goto nomem;
2342 	}
2343 	memcpy(zip->erd, p, zip->erd_size);
2344 	__archive_read_consume(a, zip->erd_size);
2345 
2346 	/*
2347 	 * Read a reserved data field.
2348 	 */
2349 	p = __archive_read_ahead(a, 4, NULL);
2350 	if (p == NULL)
2351 		goto truncated;
2352 	/* Reserved data size should be zero. */
2353 	if (archive_le32dec(p) != 0)
2354 		goto corrupted;
2355 	__archive_read_consume(a, 4);
2356 
2357 	/*
2358 	 * Read a password validation data field.
2359 	 */
2360 	p = __archive_read_ahead(a, 2, NULL);
2361 	if (p == NULL)
2362 		goto truncated;
2363 	ts = zip->v_size;
2364 	zip->v_size = archive_le16dec(p);
2365 	__archive_read_consume(a, 2);
2366 	if ((zip->v_size & 0x0f) != 0 ||
2367 	    (zip->erd_size + zip->v_size + 16) > remaining_size ||
2368 	    (zip->erd_size + zip->v_size + 16) < (zip->erd_size + zip->v_size))
2369 		goto corrupted;
2370 	if (ts < zip->v_size) {
2371 		free(zip->v_data);
2372 		zip->v_data = NULL;
2373 	}
2374 	p = __archive_read_ahead(a, zip->v_size, NULL);
2375 	if (p == NULL)
2376 		goto truncated;
2377 	if (zip->v_data == NULL) {
2378 		zip->v_data = malloc(zip->v_size);
2379 		if (zip->v_data == NULL)
2380 			goto nomem;
2381 	}
2382 	memcpy(zip->v_data, p, zip->v_size);
2383 	__archive_read_consume(a, zip->v_size);
2384 
2385 	p = __archive_read_ahead(a, 4, NULL);
2386 	if (p == NULL)
2387 		goto truncated;
2388 	zip->v_crc32 = archive_le32dec(p);
2389 	__archive_read_consume(a, 4);
2390 
2391 	/*return (ARCHIVE_OK);
2392 	 * This is not fully implemented yet.*/
2393 	archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2394 	    "Encrypted file is unsupported");
2395 	return (ARCHIVE_FAILED);
2396 truncated:
2397 	archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2398 	    "Truncated ZIP file data");
2399 	return (ARCHIVE_FATAL);
2400 corrupted:
2401 	archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2402 	    "Corrupted ZIP file data");
2403 	return (ARCHIVE_FATAL);
2404 nomem:
2405 	archive_set_error(&a->archive, ENOMEM,
2406 	    "No memory for ZIP decryption");
2407 	return (ARCHIVE_FATAL);
2408 }
2409 
2410 static int
2411 zip_alloc_decryption_buffer(struct archive_read *a)
2412 {
2413 	struct zip *zip = (struct zip *)(a->format->data);
2414 	size_t bs = 256 * 1024;
2415 
2416 	if (zip->decrypted_buffer == NULL) {
2417 		zip->decrypted_buffer_size = bs;
2418 		zip->decrypted_buffer = malloc(bs);
2419 		if (zip->decrypted_buffer == NULL) {
2420 			archive_set_error(&a->archive, ENOMEM,
2421 			    "No memory for ZIP decryption");
2422 			return (ARCHIVE_FATAL);
2423 		}
2424 	}
2425 	zip->decrypted_ptr = zip->decrypted_buffer;
2426 	return (ARCHIVE_OK);
2427 }
2428 
2429 static int
2430 init_traditional_PKWARE_decryption(struct archive_read *a)
2431 {
2432 	struct zip *zip = (struct zip *)(a->format->data);
2433 	const void *p;
2434 	int retry;
2435 	int r;
2436 
2437 	if (zip->tctx_valid)
2438 		return (ARCHIVE_OK);
2439 
2440 	/*
2441 	   Read the 12 bytes encryption header stored at
2442 	   the start of the data area.
2443 	 */
2444 #define ENC_HEADER_SIZE	12
2445 	if (0 == (zip->entry->zip_flags & ZIP_LENGTH_AT_END)
2446 	    && zip->entry_bytes_remaining < ENC_HEADER_SIZE) {
2447 		archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2448 		    "Truncated Zip encrypted body: only %jd bytes available",
2449 		    (intmax_t)zip->entry_bytes_remaining);
2450 		return (ARCHIVE_FATAL);
2451 	}
2452 
2453 	p = __archive_read_ahead(a, ENC_HEADER_SIZE, NULL);
2454 	if (p == NULL) {
2455 		archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2456 		    "Truncated ZIP file data");
2457 		return (ARCHIVE_FATAL);
2458 	}
2459 
2460 	for (retry = 0;; retry++) {
2461 		const char *passphrase;
2462 		uint8_t crcchk;
2463 
2464 		passphrase = __archive_read_next_passphrase(a);
2465 		if (passphrase == NULL) {
2466 			archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
2467 			    (retry > 0)?
2468 				"Incorrect passphrase":
2469 				"Passphrase required for this entry");
2470 			return (ARCHIVE_FAILED);
2471 		}
2472 
2473 		/*
2474 		 * Initialize ctx for Traditional PKWARE Decryption.
2475 		 */
2476 		r = trad_enc_init(&zip->tctx, passphrase, strlen(passphrase),
2477 			p, ENC_HEADER_SIZE, &crcchk);
2478 		if (r == 0 && crcchk == zip->entry->decdat)
2479 			break;/* The passphrase is OK. */
2480 		if (retry > 10000) {
2481 			/* Avoid infinity loop. */
2482 			archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
2483 			    "Too many incorrect passphrases");
2484 			return (ARCHIVE_FAILED);
2485 		}
2486 	}
2487 
2488 	__archive_read_consume(a, ENC_HEADER_SIZE);
2489 	zip->tctx_valid = 1;
2490 	if (0 == (zip->entry->zip_flags & ZIP_LENGTH_AT_END)) {
2491 	    zip->entry_bytes_remaining -= ENC_HEADER_SIZE;
2492 	}
2493 	/*zip->entry_uncompressed_bytes_read += ENC_HEADER_SIZE;*/
2494 	zip->entry_compressed_bytes_read += ENC_HEADER_SIZE;
2495 	zip->decrypted_bytes_remaining = 0;
2496 
2497 	return (zip_alloc_decryption_buffer(a));
2498 #undef ENC_HEADER_SIZE
2499 }
2500 
2501 static int
2502 init_WinZip_AES_decryption(struct archive_read *a)
2503 {
2504 	struct zip *zip = (struct zip *)(a->format->data);
2505 	const void *p;
2506 	const uint8_t *pv;
2507 	size_t key_len, salt_len;
2508 	uint8_t derived_key[MAX_DERIVED_KEY_BUF_SIZE];
2509 	int retry;
2510 	int r;
2511 
2512 	if (zip->cctx_valid || zip->hctx_valid)
2513 		return (ARCHIVE_OK);
2514 
2515 	switch (zip->entry->aes_extra.strength) {
2516 	case 1: salt_len = 8;  key_len = 16; break;
2517 	case 2: salt_len = 12; key_len = 24; break;
2518 	case 3: salt_len = 16; key_len = 32; break;
2519 	default: goto corrupted;
2520 	}
2521 	p = __archive_read_ahead(a, salt_len + 2, NULL);
2522 	if (p == NULL)
2523 		goto truncated;
2524 
2525 	for (retry = 0;; retry++) {
2526 		const char *passphrase;
2527 
2528 		passphrase = __archive_read_next_passphrase(a);
2529 		if (passphrase == NULL) {
2530 			archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
2531 			    (retry > 0)?
2532 				"Incorrect passphrase":
2533 				"Passphrase required for this entry");
2534 			return (ARCHIVE_FAILED);
2535 		}
2536 		memset(derived_key, 0, sizeof(derived_key));
2537 		r = archive_pbkdf2_sha1(passphrase, strlen(passphrase),
2538 		    p, salt_len, 1000, derived_key, key_len * 2 + 2);
2539 		if (r != 0) {
2540 			archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
2541 			    "Decryption is unsupported due to lack of "
2542 			    "crypto library");
2543 			return (ARCHIVE_FAILED);
2544 		}
2545 
2546 		/* Check password verification value. */
2547 		pv = ((const uint8_t *)p) + salt_len;
2548 		if (derived_key[key_len * 2] == pv[0] &&
2549 		    derived_key[key_len * 2 + 1] == pv[1])
2550 			break;/* The passphrase is OK. */
2551 		if (retry > 10000) {
2552 			/* Avoid infinity loop. */
2553 			archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
2554 			    "Too many incorrect passphrases");
2555 			return (ARCHIVE_FAILED);
2556 		}
2557 	}
2558 
2559 	r = archive_decrypto_aes_ctr_init(&zip->cctx, derived_key, key_len);
2560 	if (r != 0) {
2561 		archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
2562 		    "Decryption is unsupported due to lack of crypto library");
2563 		return (ARCHIVE_FAILED);
2564 	}
2565 	r = archive_hmac_sha1_init(&zip->hctx, derived_key + key_len, key_len);
2566 	if (r != 0) {
2567 		archive_decrypto_aes_ctr_release(&zip->cctx);
2568 		archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
2569 		    "Failed to initialize HMAC-SHA1");
2570 		return (ARCHIVE_FAILED);
2571 	}
2572 	zip->cctx_valid = zip->hctx_valid = 1;
2573 	__archive_read_consume(a, salt_len + 2);
2574 	zip->entry_bytes_remaining -= salt_len + 2 + AUTH_CODE_SIZE;
2575 	if (0 == (zip->entry->zip_flags & ZIP_LENGTH_AT_END)
2576 	    && zip->entry_bytes_remaining < 0)
2577 		goto corrupted;
2578 	zip->entry_compressed_bytes_read += salt_len + 2 + AUTH_CODE_SIZE;
2579 	zip->decrypted_bytes_remaining = 0;
2580 
2581 	zip->entry->compression = zip->entry->aes_extra.compression;
2582 	return (zip_alloc_decryption_buffer(a));
2583 
2584 truncated:
2585 	archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2586 	    "Truncated ZIP file data");
2587 	return (ARCHIVE_FATAL);
2588 corrupted:
2589 	archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2590 	    "Corrupted ZIP file data");
2591 	return (ARCHIVE_FATAL);
2592 }
2593 
2594 static int
2595 archive_read_format_zip_read_data(struct archive_read *a,
2596     const void **buff, size_t *size, int64_t *offset)
2597 {
2598 	int r;
2599 	struct zip *zip = (struct zip *)(a->format->data);
2600 
2601 	if (zip->has_encrypted_entries ==
2602 			ARCHIVE_READ_FORMAT_ENCRYPTION_DONT_KNOW) {
2603 		zip->has_encrypted_entries = 0;
2604 	}
2605 
2606 	*offset = zip->entry_uncompressed_bytes_read;
2607 	*size = 0;
2608 	*buff = NULL;
2609 
2610 	/* If we hit end-of-entry last time, return ARCHIVE_EOF. */
2611 	if (zip->end_of_entry)
2612 		return (ARCHIVE_EOF);
2613 
2614 	/* Return EOF immediately if this is a non-regular file. */
2615 	if (AE_IFREG != (zip->entry->mode & AE_IFMT))
2616 		return (ARCHIVE_EOF);
2617 
2618 	__archive_read_consume(a, zip->unconsumed);
2619 	zip->unconsumed = 0;
2620 
2621 	if (zip->init_decryption) {
2622 		zip->has_encrypted_entries = 1;
2623 		if (zip->entry->zip_flags & ZIP_STRONG_ENCRYPTED)
2624 			r = read_decryption_header(a);
2625 		else if (zip->entry->compression == WINZIP_AES_ENCRYPTION)
2626 			r = init_WinZip_AES_decryption(a);
2627 		else
2628 			r = init_traditional_PKWARE_decryption(a);
2629 		if (r != ARCHIVE_OK)
2630 			return (r);
2631 		zip->init_decryption = 0;
2632 	}
2633 
2634 	switch(zip->entry->compression) {
2635 	case 0:  /* No compression. */
2636 		r =  zip_read_data_none(a, buff, size, offset);
2637 		break;
2638 #ifdef HAVE_BZLIB_H
2639 	case 12: /* ZIPx bzip2 compression. */
2640 		r = zip_read_data_zipx_bzip2(a, buff, size, offset);
2641 		break;
2642 #endif
2643 #if HAVE_LZMA_H && HAVE_LIBLZMA
2644 	case 14: /* ZIPx LZMA compression. */
2645 		r = zip_read_data_zipx_lzma_alone(a, buff, size, offset);
2646 		break;
2647 	case 95: /* ZIPx XZ compression. */
2648 		r = zip_read_data_zipx_xz(a, buff, size, offset);
2649 		break;
2650 #endif
2651 	/* PPMd support is built-in, so we don't need any #if guards. */
2652 	case 98: /* ZIPx PPMd compression. */
2653 		r = zip_read_data_zipx_ppmd(a, buff, size, offset);
2654 		break;
2655 
2656 #ifdef HAVE_ZLIB_H
2657 	case 8: /* Deflate compression. */
2658 		r =  zip_read_data_deflate(a, buff, size, offset);
2659 		break;
2660 #endif
2661 	default: /* Unsupported compression. */
2662 		/* Return a warning. */
2663 		archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2664 		    "Unsupported ZIP compression method (%d: %s)",
2665 		    zip->entry->compression, compression_name(zip->entry->compression));
2666 		/* We can't decompress this entry, but we will
2667 		 * be able to skip() it and try the next entry. */
2668 		return (ARCHIVE_FAILED);
2669 		break;
2670 	}
2671 	if (r != ARCHIVE_OK)
2672 		return (r);
2673 	/* Update checksum */
2674 	if (*size)
2675 		zip->entry_crc32 = zip->crc32func(zip->entry_crc32, *buff,
2676 		    (unsigned)*size);
2677 	/* If we hit the end, swallow any end-of-data marker. */
2678 	if (zip->end_of_entry) {
2679 		/* Check file size, CRC against these values. */
2680 		if (zip->entry->compressed_size !=
2681 		    zip->entry_compressed_bytes_read) {
2682 			archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
2683 			    "ZIP compressed data is wrong size "
2684 			    "(read %jd, expected %jd)",
2685 			    (intmax_t)zip->entry_compressed_bytes_read,
2686 			    (intmax_t)zip->entry->compressed_size);
2687 			return (ARCHIVE_WARN);
2688 		}
2689 		/* Size field only stores the lower 32 bits of the actual
2690 		 * size. */
2691 		if ((zip->entry->uncompressed_size & UINT32_MAX)
2692 		    != (zip->entry_uncompressed_bytes_read & UINT32_MAX)) {
2693 			archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
2694 			    "ZIP uncompressed data is wrong size "
2695 			    "(read %jd, expected %jd)\n",
2696 			    (intmax_t)zip->entry_uncompressed_bytes_read,
2697 			    (intmax_t)zip->entry->uncompressed_size);
2698 			return (ARCHIVE_WARN);
2699 		}
2700 		/* Check computed CRC against header */
2701 		if ((!zip->hctx_valid ||
2702 		      zip->entry->aes_extra.vendor != AES_VENDOR_AE_2) &&
2703 		   zip->entry->crc32 != zip->entry_crc32
2704 		    && !zip->ignore_crc32) {
2705 			archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
2706 			    "ZIP bad CRC: 0x%lx should be 0x%lx",
2707 			    (unsigned long)zip->entry_crc32,
2708 			    (unsigned long)zip->entry->crc32);
2709 			return (ARCHIVE_WARN);
2710 		}
2711 	}
2712 
2713 	return (ARCHIVE_OK);
2714 }
2715 
2716 static int
2717 archive_read_format_zip_cleanup(struct archive_read *a)
2718 {
2719 	struct zip *zip;
2720 	struct zip_entry *zip_entry, *next_zip_entry;
2721 
2722 	zip = (struct zip *)(a->format->data);
2723 
2724 #ifdef HAVE_ZLIB_H
2725 	if (zip->stream_valid)
2726 		inflateEnd(&zip->stream);
2727 #endif
2728 
2729 #if HAVA_LZMA_H && HAVE_LIBLZMA
2730     if (zip->zipx_lzma_valid) {
2731 		lzma_end(&zip->zipx_lzma_stream);
2732 	}
2733 #endif
2734 
2735 #ifdef HAVE_BZLIB_H
2736 	if (zip->bzstream_valid) {
2737 		BZ2_bzDecompressEnd(&zip->bzstream);
2738 	}
2739 #endif
2740 
2741 	free(zip->uncompressed_buffer);
2742 
2743 	if (zip->ppmd8_valid)
2744 		__archive_ppmd8_functions.Ppmd8_Free(&zip->ppmd8);
2745 
2746 	if (zip->zip_entries) {
2747 		zip_entry = zip->zip_entries;
2748 		while (zip_entry != NULL) {
2749 			next_zip_entry = zip_entry->next;
2750 			archive_string_free(&zip_entry->rsrcname);
2751 			free(zip_entry);
2752 			zip_entry = next_zip_entry;
2753 		}
2754 	}
2755 	free(zip->decrypted_buffer);
2756 	if (zip->cctx_valid)
2757 		archive_decrypto_aes_ctr_release(&zip->cctx);
2758 	if (zip->hctx_valid)
2759 		archive_hmac_sha1_cleanup(&zip->hctx);
2760 	free(zip->iv);
2761 	free(zip->erd);
2762 	free(zip->v_data);
2763 	archive_string_free(&zip->format_name);
2764 	free(zip);
2765 	(a->format->data) = NULL;
2766 	return (ARCHIVE_OK);
2767 }
2768 
2769 static int
2770 archive_read_format_zip_has_encrypted_entries(struct archive_read *_a)
2771 {
2772 	if (_a && _a->format) {
2773 		struct zip * zip = (struct zip *)_a->format->data;
2774 		if (zip) {
2775 			return zip->has_encrypted_entries;
2776 		}
2777 	}
2778 	return ARCHIVE_READ_FORMAT_ENCRYPTION_DONT_KNOW;
2779 }
2780 
2781 static int
2782 archive_read_format_zip_options(struct archive_read *a,
2783     const char *key, const char *val)
2784 {
2785 	struct zip *zip;
2786 	int ret = ARCHIVE_FAILED;
2787 
2788 	zip = (struct zip *)(a->format->data);
2789 	if (strcmp(key, "compat-2x")  == 0) {
2790 		/* Handle filenames as libarchive 2.x */
2791 		zip->init_default_conversion = (val != NULL) ? 1 : 0;
2792 		return (ARCHIVE_OK);
2793 	} else if (strcmp(key, "hdrcharset")  == 0) {
2794 		if (val == NULL || val[0] == 0)
2795 			archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
2796 			    "zip: hdrcharset option needs a character-set name"
2797 			);
2798 		else {
2799 			zip->sconv = archive_string_conversion_from_charset(
2800 			    &a->archive, val, 0);
2801 			if (zip->sconv != NULL) {
2802 				if (strcmp(val, "UTF-8") == 0)
2803 					zip->sconv_utf8 = zip->sconv;
2804 				ret = ARCHIVE_OK;
2805 			} else
2806 				ret = ARCHIVE_FATAL;
2807 		}
2808 		return (ret);
2809 	} else if (strcmp(key, "ignorecrc32") == 0) {
2810 		/* Mostly useful for testing. */
2811 		if (val == NULL || val[0] == 0) {
2812 			zip->crc32func = real_crc32;
2813 			zip->ignore_crc32 = 0;
2814 		} else {
2815 			zip->crc32func = fake_crc32;
2816 			zip->ignore_crc32 = 1;
2817 		}
2818 		return (ARCHIVE_OK);
2819 	} else if (strcmp(key, "mac-ext") == 0) {
2820 		zip->process_mac_extensions = (val != NULL && val[0] != 0);
2821 		return (ARCHIVE_OK);
2822 	}
2823 
2824 	/* Note: The "warn" return is just to inform the options
2825 	 * supervisor that we didn't handle it.  It will generate
2826 	 * a suitable error if no one used this option. */
2827 	return (ARCHIVE_WARN);
2828 }
2829 
2830 int
2831 archive_read_support_format_zip(struct archive *a)
2832 {
2833 	int r;
2834 	r = archive_read_support_format_zip_streamable(a);
2835 	if (r != ARCHIVE_OK)
2836 		return r;
2837 	return (archive_read_support_format_zip_seekable(a));
2838 }
2839 
2840 /* ------------------------------------------------------------------------ */
2841 
2842 /*
2843  * Streaming-mode support
2844  */
2845 
2846 
2847 static int
2848 archive_read_support_format_zip_capabilities_streamable(struct archive_read * a)
2849 {
2850 	(void)a; /* UNUSED */
2851 	return (ARCHIVE_READ_FORMAT_CAPS_ENCRYPT_DATA |
2852 		ARCHIVE_READ_FORMAT_CAPS_ENCRYPT_METADATA);
2853 }
2854 
2855 static int
2856 archive_read_format_zip_streamable_bid(struct archive_read *a, int best_bid)
2857 {
2858 	const char *p;
2859 
2860 	(void)best_bid; /* UNUSED */
2861 
2862 	if ((p = __archive_read_ahead(a, 4, NULL)) == NULL)
2863 		return (-1);
2864 
2865 	/*
2866 	 * Bid of 29 here comes from:
2867 	 *  + 16 bits for "PK",
2868 	 *  + next 16-bit field has 6 options so contributes
2869 	 *    about 16 - log_2(6) ~= 16 - 2.6 ~= 13 bits
2870 	 *
2871 	 * So we've effectively verified ~29 total bits of check data.
2872 	 */
2873 	if (p[0] == 'P' && p[1] == 'K') {
2874 		if ((p[2] == '\001' && p[3] == '\002')
2875 		    || (p[2] == '\003' && p[3] == '\004')
2876 		    || (p[2] == '\005' && p[3] == '\006')
2877 		    || (p[2] == '\006' && p[3] == '\006')
2878 		    || (p[2] == '\007' && p[3] == '\010')
2879 		    || (p[2] == '0' && p[3] == '0'))
2880 			return (29);
2881 	}
2882 
2883 	/* TODO: It's worth looking ahead a little bit for a valid
2884 	 * PK signature.  In particular, that would make it possible
2885 	 * to read some UUEncoded SFX files or SFX files coming from
2886 	 * a network socket. */
2887 
2888 	return (0);
2889 }
2890 
2891 static int
2892 archive_read_format_zip_streamable_read_header(struct archive_read *a,
2893     struct archive_entry *entry)
2894 {
2895 	struct zip *zip;
2896 
2897 	a->archive.archive_format = ARCHIVE_FORMAT_ZIP;
2898 	if (a->archive.archive_format_name == NULL)
2899 		a->archive.archive_format_name = "ZIP";
2900 
2901 	zip = (struct zip *)(a->format->data);
2902 
2903 	/*
2904 	 * It should be sufficient to call archive_read_next_header() for
2905 	 * a reader to determine if an entry is encrypted or not. If the
2906 	 * encryption of an entry is only detectable when calling
2907 	 * archive_read_data(), so be it. We'll do the same check there
2908 	 * as well.
2909 	 */
2910 	if (zip->has_encrypted_entries ==
2911 			ARCHIVE_READ_FORMAT_ENCRYPTION_DONT_KNOW)
2912 		zip->has_encrypted_entries = 0;
2913 
2914 	/* Make sure we have a zip_entry structure to use. */
2915 	if (zip->zip_entries == NULL) {
2916 		zip->zip_entries = malloc(sizeof(struct zip_entry));
2917 		if (zip->zip_entries == NULL) {
2918 			archive_set_error(&a->archive, ENOMEM,
2919 			    "Out  of memory");
2920 			return ARCHIVE_FATAL;
2921 		}
2922 	}
2923 	zip->entry = zip->zip_entries;
2924 	memset(zip->entry, 0, sizeof(struct zip_entry));
2925 
2926 	if (zip->cctx_valid)
2927 		archive_decrypto_aes_ctr_release(&zip->cctx);
2928 	if (zip->hctx_valid)
2929 		archive_hmac_sha1_cleanup(&zip->hctx);
2930 	zip->tctx_valid = zip->cctx_valid = zip->hctx_valid = 0;
2931 	__archive_read_reset_passphrase(a);
2932 
2933 	/* Search ahead for the next local file header. */
2934 	__archive_read_consume(a, zip->unconsumed);
2935 	zip->unconsumed = 0;
2936 	for (;;) {
2937 		int64_t skipped = 0;
2938 		const char *p, *end;
2939 		ssize_t bytes;
2940 
2941 		p = __archive_read_ahead(a, 4, &bytes);
2942 		if (p == NULL)
2943 			return (ARCHIVE_FATAL);
2944 		end = p + bytes;
2945 
2946 		while (p + 4 <= end) {
2947 			if (p[0] == 'P' && p[1] == 'K') {
2948 				if (p[2] == '\003' && p[3] == '\004') {
2949 					/* Regular file entry. */
2950 					__archive_read_consume(a, skipped);
2951 					return zip_read_local_file_header(a,
2952 					    entry, zip);
2953 				}
2954 
2955                               /*
2956                                * TODO: We cannot restore permissions
2957                                * based only on the local file headers.
2958                                * Consider scanning the central
2959                                * directory and returning additional
2960                                * entries for at least directories.
2961                                * This would allow us to properly set
2962                                * directory permissions.
2963 			       *
2964 			       * This won't help us fix symlinks
2965 			       * and may not help with regular file
2966 			       * permissions, either.  <sigh>
2967                                */
2968                               if (p[2] == '\001' && p[3] == '\002') {
2969                                       return (ARCHIVE_EOF);
2970                               }
2971 
2972                               /* End of central directory?  Must be an
2973                                * empty archive. */
2974                               if ((p[2] == '\005' && p[3] == '\006')
2975                                   || (p[2] == '\006' && p[3] == '\006'))
2976                                       return (ARCHIVE_EOF);
2977 			}
2978 			++p;
2979 			++skipped;
2980 		}
2981 		__archive_read_consume(a, skipped);
2982 	}
2983 }
2984 
2985 static int
2986 archive_read_format_zip_read_data_skip_streamable(struct archive_read *a)
2987 {
2988 	struct zip *zip;
2989 	int64_t bytes_skipped;
2990 
2991 	zip = (struct zip *)(a->format->data);
2992 	bytes_skipped = __archive_read_consume(a, zip->unconsumed);
2993 	zip->unconsumed = 0;
2994 	if (bytes_skipped < 0)
2995 		return (ARCHIVE_FATAL);
2996 
2997 	/* If we've already read to end of data, we're done. */
2998 	if (zip->end_of_entry)
2999 		return (ARCHIVE_OK);
3000 
3001 	/* So we know we're streaming... */
3002 	if (0 == (zip->entry->zip_flags & ZIP_LENGTH_AT_END)
3003 	    || zip->entry->compressed_size > 0) {
3004 		/* We know the compressed length, so we can just skip. */
3005 		bytes_skipped = __archive_read_consume(a,
3006 					zip->entry_bytes_remaining);
3007 		if (bytes_skipped < 0)
3008 			return (ARCHIVE_FATAL);
3009 		return (ARCHIVE_OK);
3010 	}
3011 
3012 	if (zip->init_decryption) {
3013 		int r;
3014 
3015 		zip->has_encrypted_entries = 1;
3016 		if (zip->entry->zip_flags & ZIP_STRONG_ENCRYPTED)
3017 			r = read_decryption_header(a);
3018 		else if (zip->entry->compression == WINZIP_AES_ENCRYPTION)
3019 			r = init_WinZip_AES_decryption(a);
3020 		else
3021 			r = init_traditional_PKWARE_decryption(a);
3022 		if (r != ARCHIVE_OK)
3023 			return (r);
3024 		zip->init_decryption = 0;
3025 	}
3026 
3027 	/* We're streaming and we don't know the length. */
3028 	/* If the body is compressed and we know the format, we can
3029 	 * find an exact end-of-entry by decompressing it. */
3030 	switch (zip->entry->compression) {
3031 #ifdef HAVE_ZLIB_H
3032 	case 8: /* Deflate compression. */
3033 		while (!zip->end_of_entry) {
3034 			int64_t offset = 0;
3035 			const void *buff = NULL;
3036 			size_t size = 0;
3037 			int r;
3038 			r =  zip_read_data_deflate(a, &buff, &size, &offset);
3039 			if (r != ARCHIVE_OK)
3040 				return (r);
3041 		}
3042 		return ARCHIVE_OK;
3043 #endif
3044 	default: /* Uncompressed or unknown. */
3045 		/* Scan for a PK\007\010 signature. */
3046 		for (;;) {
3047 			const char *p, *buff;
3048 			ssize_t bytes_avail;
3049 			buff = __archive_read_ahead(a, 16, &bytes_avail);
3050 			if (bytes_avail < 16) {
3051 				archive_set_error(&a->archive,
3052 				    ARCHIVE_ERRNO_FILE_FORMAT,
3053 				    "Truncated ZIP file data");
3054 				return (ARCHIVE_FATAL);
3055 			}
3056 			p = buff;
3057 			while (p <= buff + bytes_avail - 16) {
3058 				if (p[3] == 'P') { p += 3; }
3059 				else if (p[3] == 'K') { p += 2; }
3060 				else if (p[3] == '\007') { p += 1; }
3061 				else if (p[3] == '\010' && p[2] == '\007'
3062 				    && p[1] == 'K' && p[0] == 'P') {
3063 					if (zip->entry->flags & LA_USED_ZIP64)
3064 						__archive_read_consume(a,
3065 						    p - buff + 24);
3066 					else
3067 						__archive_read_consume(a,
3068 						    p - buff + 16);
3069 					return ARCHIVE_OK;
3070 				} else { p += 4; }
3071 			}
3072 			__archive_read_consume(a, p - buff);
3073 		}
3074 	}
3075 }
3076 
3077 int
3078 archive_read_support_format_zip_streamable(struct archive *_a)
3079 {
3080 	struct archive_read *a = (struct archive_read *)_a;
3081 	struct zip *zip;
3082 	int r;
3083 
3084 	archive_check_magic(_a, ARCHIVE_READ_MAGIC,
3085 	    ARCHIVE_STATE_NEW, "archive_read_support_format_zip");
3086 
3087 	zip = (struct zip *)calloc(1, sizeof(*zip));
3088 	if (zip == NULL) {
3089 		archive_set_error(&a->archive, ENOMEM,
3090 		    "Can't allocate zip data");
3091 		return (ARCHIVE_FATAL);
3092 	}
3093 
3094 	/* Streamable reader doesn't support mac extensions. */
3095 	zip->process_mac_extensions = 0;
3096 
3097 	/*
3098 	 * Until enough data has been read, we cannot tell about
3099 	 * any encrypted entries yet.
3100 	 */
3101 	zip->has_encrypted_entries = ARCHIVE_READ_FORMAT_ENCRYPTION_DONT_KNOW;
3102 	zip->crc32func = real_crc32;
3103 
3104 	r = __archive_read_register_format(a,
3105 	    zip,
3106 	    "zip",
3107 	    archive_read_format_zip_streamable_bid,
3108 	    archive_read_format_zip_options,
3109 	    archive_read_format_zip_streamable_read_header,
3110 	    archive_read_format_zip_read_data,
3111 	    archive_read_format_zip_read_data_skip_streamable,
3112 	    NULL,
3113 	    archive_read_format_zip_cleanup,
3114 	    archive_read_support_format_zip_capabilities_streamable,
3115 	    archive_read_format_zip_has_encrypted_entries);
3116 
3117 	if (r != ARCHIVE_OK)
3118 		free(zip);
3119 	return (ARCHIVE_OK);
3120 }
3121 
3122 /* ------------------------------------------------------------------------ */
3123 
3124 /*
3125  * Seeking-mode support
3126  */
3127 
3128 static int
3129 archive_read_support_format_zip_capabilities_seekable(struct archive_read * a)
3130 {
3131 	(void)a; /* UNUSED */
3132 	return (ARCHIVE_READ_FORMAT_CAPS_ENCRYPT_DATA |
3133 		ARCHIVE_READ_FORMAT_CAPS_ENCRYPT_METADATA);
3134 }
3135 
3136 /*
3137  * TODO: This is a performance sink because it forces the read core to
3138  * drop buffered data from the start of file, which will then have to
3139  * be re-read again if this bidder loses.
3140  *
3141  * We workaround this a little by passing in the best bid so far so
3142  * that later bidders can do nothing if they know they'll never
3143  * outbid.  But we can certainly do better...
3144  */
3145 static int
3146 read_eocd(struct zip *zip, const char *p, int64_t current_offset)
3147 {
3148 	/* Sanity-check the EOCD we've found. */
3149 
3150 	/* This must be the first volume. */
3151 	if (archive_le16dec(p + 4) != 0)
3152 		return 0;
3153 	/* Central directory must be on this volume. */
3154 	if (archive_le16dec(p + 4) != archive_le16dec(p + 6))
3155 		return 0;
3156 	/* All central directory entries must be on this volume. */
3157 	if (archive_le16dec(p + 10) != archive_le16dec(p + 8))
3158 		return 0;
3159 	/* Central directory can't extend beyond start of EOCD record. */
3160 	if (archive_le32dec(p + 16) + archive_le32dec(p + 12)
3161 	    > current_offset)
3162 		return 0;
3163 
3164 	/* Save the central directory location for later use. */
3165 	zip->central_directory_offset = archive_le32dec(p + 16);
3166 
3167 	/* This is just a tiny bit higher than the maximum
3168 	   returned by the streaming Zip bidder.  This ensures
3169 	   that the more accurate seeking Zip parser wins
3170 	   whenever seek is available. */
3171 	return 32;
3172 }
3173 
3174 /*
3175  * Examine Zip64 EOCD locator:  If it's valid, store the information
3176  * from it.
3177  */
3178 static int
3179 read_zip64_eocd(struct archive_read *a, struct zip *zip, const char *p)
3180 {
3181 	int64_t eocd64_offset;
3182 	int64_t eocd64_size;
3183 
3184 	/* Sanity-check the locator record. */
3185 
3186 	/* Central dir must be on first volume. */
3187 	if (archive_le32dec(p + 4) != 0)
3188 		return 0;
3189 	/* Must be only a single volume. */
3190 	if (archive_le32dec(p + 16) != 1)
3191 		return 0;
3192 
3193 	/* Find the Zip64 EOCD record. */
3194 	eocd64_offset = archive_le64dec(p + 8);
3195 	if (__archive_read_seek(a, eocd64_offset, SEEK_SET) < 0)
3196 		return 0;
3197 	if ((p = __archive_read_ahead(a, 56, NULL)) == NULL)
3198 		return 0;
3199 	/* Make sure we can read all of it. */
3200 	eocd64_size = archive_le64dec(p + 4) + 12;
3201 	if (eocd64_size < 56 || eocd64_size > 16384)
3202 		return 0;
3203 	if ((p = __archive_read_ahead(a, (size_t)eocd64_size, NULL)) == NULL)
3204 		return 0;
3205 
3206 	/* Sanity-check the EOCD64 */
3207 	if (archive_le32dec(p + 16) != 0) /* Must be disk #0 */
3208 		return 0;
3209 	if (archive_le32dec(p + 20) != 0) /* CD must be on disk #0 */
3210 		return 0;
3211 	/* CD can't be split. */
3212 	if (archive_le64dec(p + 24) != archive_le64dec(p + 32))
3213 		return 0;
3214 
3215 	/* Save the central directory offset for later use. */
3216 	zip->central_directory_offset = archive_le64dec(p + 48);
3217 
3218 	return 32;
3219 }
3220 
3221 static int
3222 archive_read_format_zip_seekable_bid(struct archive_read *a, int best_bid)
3223 {
3224 	struct zip *zip = (struct zip *)a->format->data;
3225 	int64_t file_size, current_offset;
3226 	const char *p;
3227 	int i, tail;
3228 
3229 	/* If someone has already bid more than 32, then avoid
3230 	   trashing the look-ahead buffers with a seek. */
3231 	if (best_bid > 32)
3232 		return (-1);
3233 
3234 	file_size = __archive_read_seek(a, 0, SEEK_END);
3235 	if (file_size <= 0)
3236 		return 0;
3237 
3238 	/* Search last 16k of file for end-of-central-directory
3239 	 * record (which starts with PK\005\006) */
3240 	tail = (int)zipmin(1024 * 16, file_size);
3241 	current_offset = __archive_read_seek(a, -tail, SEEK_END);
3242 	if (current_offset < 0)
3243 		return 0;
3244 	if ((p = __archive_read_ahead(a, (size_t)tail, NULL)) == NULL)
3245 		return 0;
3246 	/* Boyer-Moore search backwards from the end, since we want
3247 	 * to match the last EOCD in the file (there can be more than
3248 	 * one if there is an uncompressed Zip archive as a member
3249 	 * within this Zip archive). */
3250 	for (i = tail - 22; i > 0;) {
3251 		switch (p[i]) {
3252 		case 'P':
3253 			if (memcmp(p + i, "PK\005\006", 4) == 0) {
3254 				int ret = read_eocd(zip, p + i,
3255 				    current_offset + i);
3256 				/* Zip64 EOCD locator precedes
3257 				 * regular EOCD if present. */
3258 				if (i >= 20 && memcmp(p + i - 20, "PK\006\007", 4) == 0) {
3259 					int ret_zip64 = read_zip64_eocd(a, zip, p + i - 20);
3260 					if (ret_zip64 > ret)
3261 						ret = ret_zip64;
3262 				}
3263 				return (ret);
3264 			}
3265 			i -= 4;
3266 			break;
3267 		case 'K': i -= 1; break;
3268 		case 005: i -= 2; break;
3269 		case 006: i -= 3; break;
3270 		default: i -= 4; break;
3271 		}
3272 	}
3273 	return 0;
3274 }
3275 
3276 /* The red-black trees are only used in seeking mode to manage
3277  * the in-memory copy of the central directory. */
3278 
3279 static int
3280 cmp_node(const struct archive_rb_node *n1, const struct archive_rb_node *n2)
3281 {
3282 	const struct zip_entry *e1 = (const struct zip_entry *)n1;
3283 	const struct zip_entry *e2 = (const struct zip_entry *)n2;
3284 
3285 	if (e1->local_header_offset > e2->local_header_offset)
3286 		return -1;
3287 	if (e1->local_header_offset < e2->local_header_offset)
3288 		return 1;
3289 	return 0;
3290 }
3291 
3292 static int
3293 cmp_key(const struct archive_rb_node *n, const void *key)
3294 {
3295 	/* This function won't be called */
3296 	(void)n; /* UNUSED */
3297 	(void)key; /* UNUSED */
3298 	return 1;
3299 }
3300 
3301 static const struct archive_rb_tree_ops rb_ops = {
3302 	&cmp_node, &cmp_key
3303 };
3304 
3305 static int
3306 rsrc_cmp_node(const struct archive_rb_node *n1,
3307     const struct archive_rb_node *n2)
3308 {
3309 	const struct zip_entry *e1 = (const struct zip_entry *)n1;
3310 	const struct zip_entry *e2 = (const struct zip_entry *)n2;
3311 
3312 	return (strcmp(e2->rsrcname.s, e1->rsrcname.s));
3313 }
3314 
3315 static int
3316 rsrc_cmp_key(const struct archive_rb_node *n, const void *key)
3317 {
3318 	const struct zip_entry *e = (const struct zip_entry *)n;
3319 	return (strcmp((const char *)key, e->rsrcname.s));
3320 }
3321 
3322 static const struct archive_rb_tree_ops rb_rsrc_ops = {
3323 	&rsrc_cmp_node, &rsrc_cmp_key
3324 };
3325 
3326 static const char *
3327 rsrc_basename(const char *name, size_t name_length)
3328 {
3329 	const char *s, *r;
3330 
3331 	r = s = name;
3332 	for (;;) {
3333 		s = memchr(s, '/', name_length - (s - name));
3334 		if (s == NULL)
3335 			break;
3336 		r = ++s;
3337 	}
3338 	return (r);
3339 }
3340 
3341 static void
3342 expose_parent_dirs(struct zip *zip, const char *name, size_t name_length)
3343 {
3344 	struct archive_string str;
3345 	struct zip_entry *dir;
3346 	char *s;
3347 
3348 	archive_string_init(&str);
3349 	archive_strncpy(&str, name, name_length);
3350 	for (;;) {
3351 		s = strrchr(str.s, '/');
3352 		if (s == NULL)
3353 			break;
3354 		*s = '\0';
3355 		/* Transfer the parent directory from zip->tree_rsrc RB
3356 		 * tree to zip->tree RB tree to expose. */
3357 		dir = (struct zip_entry *)
3358 		    __archive_rb_tree_find_node(&zip->tree_rsrc, str.s);
3359 		if (dir == NULL)
3360 			break;
3361 		__archive_rb_tree_remove_node(&zip->tree_rsrc, &dir->node);
3362 		archive_string_free(&dir->rsrcname);
3363 		__archive_rb_tree_insert_node(&zip->tree, &dir->node);
3364 	}
3365 	archive_string_free(&str);
3366 }
3367 
3368 static int
3369 slurp_central_directory(struct archive_read *a, struct zip *zip)
3370 {
3371 	ssize_t i;
3372 	unsigned found;
3373 	int64_t correction;
3374 	ssize_t bytes_avail;
3375 	const char *p;
3376 
3377 	/*
3378 	 * Find the start of the central directory.  The end-of-CD
3379 	 * record has our starting point, but there are lots of
3380 	 * Zip archives which have had other data prepended to the
3381 	 * file, which makes the recorded offsets all too small.
3382 	 * So we search forward from the specified offset until we
3383 	 * find the real start of the central directory.  Then we
3384 	 * know the correction we need to apply to account for leading
3385 	 * padding.
3386 	 */
3387 	if (__archive_read_seek(a, zip->central_directory_offset, SEEK_SET) < 0)
3388 		return ARCHIVE_FATAL;
3389 
3390 	found = 0;
3391 	while (!found) {
3392 		if ((p = __archive_read_ahead(a, 20, &bytes_avail)) == NULL)
3393 			return ARCHIVE_FATAL;
3394 		for (found = 0, i = 0; !found && i < bytes_avail - 4;) {
3395 			switch (p[i + 3]) {
3396 			case 'P': i += 3; break;
3397 			case 'K': i += 2; break;
3398 			case 001: i += 1; break;
3399 			case 002:
3400 				if (memcmp(p + i, "PK\001\002", 4) == 0) {
3401 					p += i;
3402 					found = 1;
3403 				} else
3404 					i += 4;
3405 				break;
3406 			case 005: i += 1; break;
3407 			case 006:
3408 				if (memcmp(p + i, "PK\005\006", 4) == 0) {
3409 					p += i;
3410 					found = 1;
3411 				} else if (memcmp(p + i, "PK\006\006", 4) == 0) {
3412 					p += i;
3413 					found = 1;
3414 				} else
3415 					i += 1;
3416 				break;
3417 			default: i += 4; break;
3418 			}
3419 		}
3420 		__archive_read_consume(a, i);
3421 	}
3422 	correction = archive_filter_bytes(&a->archive, 0)
3423 			- zip->central_directory_offset;
3424 
3425 	__archive_rb_tree_init(&zip->tree, &rb_ops);
3426 	__archive_rb_tree_init(&zip->tree_rsrc, &rb_rsrc_ops);
3427 
3428 	zip->central_directory_entries_total = 0;
3429 	while (1) {
3430 		struct zip_entry *zip_entry;
3431 		size_t filename_length, extra_length, comment_length;
3432 		uint32_t external_attributes;
3433 		const char *name, *r;
3434 
3435 		if ((p = __archive_read_ahead(a, 4, NULL)) == NULL)
3436 			return ARCHIVE_FATAL;
3437 		if (memcmp(p, "PK\006\006", 4) == 0
3438 		    || memcmp(p, "PK\005\006", 4) == 0) {
3439 			break;
3440 		} else if (memcmp(p, "PK\001\002", 4) != 0) {
3441 			archive_set_error(&a->archive,
3442 			    -1, "Invalid central directory signature");
3443 			return ARCHIVE_FATAL;
3444 		}
3445 		if ((p = __archive_read_ahead(a, 46, NULL)) == NULL)
3446 			return ARCHIVE_FATAL;
3447 
3448 		zip_entry = calloc(1, sizeof(struct zip_entry));
3449 		if (zip_entry == NULL) {
3450 			archive_set_error(&a->archive, ENOMEM,
3451 				"Can't allocate zip entry");
3452 			return ARCHIVE_FATAL;
3453 		}
3454 		zip_entry->next = zip->zip_entries;
3455 		zip_entry->flags |= LA_FROM_CENTRAL_DIRECTORY;
3456 		zip->zip_entries = zip_entry;
3457 		zip->central_directory_entries_total++;
3458 
3459 		/* version = p[4]; */
3460 		zip_entry->system = p[5];
3461 		/* version_required = archive_le16dec(p + 6); */
3462 		zip_entry->zip_flags = archive_le16dec(p + 8);
3463 		if (zip_entry->zip_flags
3464 		      & (ZIP_ENCRYPTED | ZIP_STRONG_ENCRYPTED)){
3465 			zip->has_encrypted_entries = 1;
3466 		}
3467 		zip_entry->compression = (char)archive_le16dec(p + 10);
3468 		zip_entry->mtime = zip_time(p + 12);
3469 		zip_entry->crc32 = archive_le32dec(p + 16);
3470 		if (zip_entry->zip_flags & ZIP_LENGTH_AT_END)
3471 			zip_entry->decdat = p[13];
3472 		else
3473 			zip_entry->decdat = p[19];
3474 		zip_entry->compressed_size = archive_le32dec(p + 20);
3475 		zip_entry->uncompressed_size = archive_le32dec(p + 24);
3476 		filename_length = archive_le16dec(p + 28);
3477 		extra_length = archive_le16dec(p + 30);
3478 		comment_length = archive_le16dec(p + 32);
3479 		/* disk_start = archive_le16dec(p + 34); */ /* Better be zero. */
3480 		/* internal_attributes = archive_le16dec(p + 36); */ /* text bit */
3481 		external_attributes = archive_le32dec(p + 38);
3482 		zip_entry->local_header_offset =
3483 		    archive_le32dec(p + 42) + correction;
3484 
3485 		/* If we can't guess the mode, leave it zero here;
3486 		   when we read the local file header we might get
3487 		   more information. */
3488 		if (zip_entry->system == 3) {
3489 			zip_entry->mode = external_attributes >> 16;
3490 		} else if (zip_entry->system == 0) {
3491 			// Interpret MSDOS directory bit
3492 			if (0x10 == (external_attributes & 0x10)) {
3493 				zip_entry->mode = AE_IFDIR | 0775;
3494 			} else {
3495 				zip_entry->mode = AE_IFREG | 0664;
3496 			}
3497 			if (0x01 == (external_attributes & 0x01)) {
3498 				// Read-only bit; strip write permissions
3499 				zip_entry->mode &= 0555;
3500 			}
3501 		} else {
3502 			zip_entry->mode = 0;
3503 		}
3504 
3505 		/* We're done with the regular data; get the filename and
3506 		 * extra data. */
3507 		__archive_read_consume(a, 46);
3508 		p = __archive_read_ahead(a, filename_length + extra_length,
3509 			NULL);
3510 		if (p == NULL) {
3511 			archive_set_error(&a->archive,
3512 			    ARCHIVE_ERRNO_FILE_FORMAT,
3513 			    "Truncated ZIP file header");
3514 			return ARCHIVE_FATAL;
3515 		}
3516 		if (ARCHIVE_OK != process_extra(a, p + filename_length, extra_length, zip_entry)) {
3517 			return ARCHIVE_FATAL;
3518 		}
3519 
3520 		/*
3521 		 * Mac resource fork files are stored under the
3522 		 * "__MACOSX/" directory, so we should check if
3523 		 * it is.
3524 		 */
3525 		if (!zip->process_mac_extensions) {
3526 			/* Treat every entry as a regular entry. */
3527 			__archive_rb_tree_insert_node(&zip->tree,
3528 			    &zip_entry->node);
3529 		} else {
3530 			name = p;
3531 			r = rsrc_basename(name, filename_length);
3532 			if (filename_length >= 9 &&
3533 			    strncmp("__MACOSX/", name, 9) == 0) {
3534 				/* If this file is not a resource fork nor
3535 				 * a directory. We should treat it as a non
3536 				 * resource fork file to expose it. */
3537 				if (name[filename_length-1] != '/' &&
3538 				    (r - name < 3 || r[0] != '.' || r[1] != '_')) {
3539 					__archive_rb_tree_insert_node(
3540 					    &zip->tree, &zip_entry->node);
3541 					/* Expose its parent directories. */
3542 					expose_parent_dirs(zip, name,
3543 					    filename_length);
3544 				} else {
3545 					/* This file is a resource fork file or
3546 					 * a directory. */
3547 					archive_strncpy(&(zip_entry->rsrcname),
3548 					     name, filename_length);
3549 					__archive_rb_tree_insert_node(
3550 					    &zip->tree_rsrc, &zip_entry->node);
3551 				}
3552 			} else {
3553 				/* Generate resource fork name to find its
3554 				 * resource file at zip->tree_rsrc. */
3555 				archive_strcpy(&(zip_entry->rsrcname),
3556 				    "__MACOSX/");
3557 				archive_strncat(&(zip_entry->rsrcname),
3558 				    name, r - name);
3559 				archive_strcat(&(zip_entry->rsrcname), "._");
3560 				archive_strncat(&(zip_entry->rsrcname),
3561 				    name + (r - name),
3562 				    filename_length - (r - name));
3563 				/* Register an entry to RB tree to sort it by
3564 				 * file offset. */
3565 				__archive_rb_tree_insert_node(&zip->tree,
3566 				    &zip_entry->node);
3567 			}
3568 		}
3569 
3570 		/* Skip the comment too ... */
3571 		__archive_read_consume(a,
3572 		    filename_length + extra_length + comment_length);
3573 	}
3574 
3575 	return ARCHIVE_OK;
3576 }
3577 
3578 static ssize_t
3579 zip_get_local_file_header_size(struct archive_read *a, size_t extra)
3580 {
3581 	const char *p;
3582 	ssize_t filename_length, extra_length;
3583 
3584 	if ((p = __archive_read_ahead(a, extra + 30, NULL)) == NULL) {
3585 		archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
3586 		    "Truncated ZIP file header");
3587 		return (ARCHIVE_WARN);
3588 	}
3589 	p += extra;
3590 
3591 	if (memcmp(p, "PK\003\004", 4) != 0) {
3592 		archive_set_error(&a->archive, -1, "Damaged Zip archive");
3593 		return ARCHIVE_WARN;
3594 	}
3595 	filename_length = archive_le16dec(p + 26);
3596 	extra_length = archive_le16dec(p + 28);
3597 
3598 	return (30 + filename_length + extra_length);
3599 }
3600 
3601 static int
3602 zip_read_mac_metadata(struct archive_read *a, struct archive_entry *entry,
3603     struct zip_entry *rsrc)
3604 {
3605 	struct zip *zip = (struct zip *)a->format->data;
3606 	unsigned char *metadata, *mp;
3607 	int64_t offset = archive_filter_bytes(&a->archive, 0);
3608 	size_t remaining_bytes, metadata_bytes;
3609 	ssize_t hsize;
3610 	int ret = ARCHIVE_OK, eof;
3611 
3612 	switch(rsrc->compression) {
3613 	case 0:  /* No compression. */
3614 		if (rsrc->uncompressed_size != rsrc->compressed_size) {
3615 			archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
3616 			    "Malformed OS X metadata entry: inconsistent size");
3617 			return (ARCHIVE_FATAL);
3618 		}
3619 #ifdef HAVE_ZLIB_H
3620 	case 8: /* Deflate compression. */
3621 #endif
3622 		break;
3623 	default: /* Unsupported compression. */
3624 		/* Return a warning. */
3625 		archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
3626 		    "Unsupported ZIP compression method (%s)",
3627 		    compression_name(rsrc->compression));
3628 		/* We can't decompress this entry, but we will
3629 		 * be able to skip() it and try the next entry. */
3630 		return (ARCHIVE_WARN);
3631 	}
3632 
3633 	if (rsrc->uncompressed_size > (4 * 1024 * 1024)) {
3634 		archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
3635 		    "Mac metadata is too large: %jd > 4M bytes",
3636 		    (intmax_t)rsrc->uncompressed_size);
3637 		return (ARCHIVE_WARN);
3638 	}
3639 	if (rsrc->compressed_size > (4 * 1024 * 1024)) {
3640 		archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
3641 		    "Mac metadata is too large: %jd > 4M bytes",
3642 		    (intmax_t)rsrc->compressed_size);
3643 		return (ARCHIVE_WARN);
3644 	}
3645 
3646 	metadata = malloc((size_t)rsrc->uncompressed_size);
3647 	if (metadata == NULL) {
3648 		archive_set_error(&a->archive, ENOMEM,
3649 		    "Can't allocate memory for Mac metadata");
3650 		return (ARCHIVE_FATAL);
3651 	}
3652 
3653 	if (offset < rsrc->local_header_offset)
3654 		__archive_read_consume(a, rsrc->local_header_offset - offset);
3655 	else if (offset != rsrc->local_header_offset) {
3656 		__archive_read_seek(a, rsrc->local_header_offset, SEEK_SET);
3657 	}
3658 
3659 	hsize = zip_get_local_file_header_size(a, 0);
3660 	__archive_read_consume(a, hsize);
3661 
3662 	remaining_bytes = (size_t)rsrc->compressed_size;
3663 	metadata_bytes = (size_t)rsrc->uncompressed_size;
3664 	mp = metadata;
3665 	eof = 0;
3666 	while (!eof && remaining_bytes) {
3667 		const unsigned char *p;
3668 		ssize_t bytes_avail;
3669 		size_t bytes_used;
3670 
3671 		p = __archive_read_ahead(a, 1, &bytes_avail);
3672 		if (p == NULL) {
3673 			archive_set_error(&a->archive,
3674 			    ARCHIVE_ERRNO_FILE_FORMAT,
3675 			    "Truncated ZIP file header");
3676 			ret = ARCHIVE_WARN;
3677 			goto exit_mac_metadata;
3678 		}
3679 		if ((size_t)bytes_avail > remaining_bytes)
3680 			bytes_avail = remaining_bytes;
3681 		switch(rsrc->compression) {
3682 		case 0:  /* No compression. */
3683 			if ((size_t)bytes_avail > metadata_bytes)
3684 				bytes_avail = metadata_bytes;
3685 			memcpy(mp, p, bytes_avail);
3686 			bytes_used = (size_t)bytes_avail;
3687 			metadata_bytes -= bytes_used;
3688 			mp += bytes_used;
3689 			if (metadata_bytes == 0)
3690 				eof = 1;
3691 			break;
3692 #ifdef HAVE_ZLIB_H
3693 		case 8: /* Deflate compression. */
3694 		{
3695 			int r;
3696 
3697 			ret = zip_deflate_init(a, zip);
3698 			if (ret != ARCHIVE_OK)
3699 				goto exit_mac_metadata;
3700 			zip->stream.next_in =
3701 			    (Bytef *)(uintptr_t)(const void *)p;
3702 			zip->stream.avail_in = (uInt)bytes_avail;
3703 			zip->stream.total_in = 0;
3704 			zip->stream.next_out = mp;
3705 			zip->stream.avail_out = (uInt)metadata_bytes;
3706 			zip->stream.total_out = 0;
3707 
3708 			r = inflate(&zip->stream, 0);
3709 			switch (r) {
3710 			case Z_OK:
3711 				break;
3712 			case Z_STREAM_END:
3713 				eof = 1;
3714 				break;
3715 			case Z_MEM_ERROR:
3716 				archive_set_error(&a->archive, ENOMEM,
3717 				    "Out of memory for ZIP decompression");
3718 				ret = ARCHIVE_FATAL;
3719 				goto exit_mac_metadata;
3720 			default:
3721 				archive_set_error(&a->archive,
3722 				    ARCHIVE_ERRNO_MISC,
3723 				    "ZIP decompression failed (%d)", r);
3724 				ret = ARCHIVE_FATAL;
3725 				goto exit_mac_metadata;
3726 			}
3727 			bytes_used = zip->stream.total_in;
3728 			metadata_bytes -= zip->stream.total_out;
3729 			mp += zip->stream.total_out;
3730 			break;
3731 		}
3732 #endif
3733 		default:
3734 			bytes_used = 0;
3735 			break;
3736 		}
3737 		__archive_read_consume(a, bytes_used);
3738 		remaining_bytes -= bytes_used;
3739 	}
3740 	archive_entry_copy_mac_metadata(entry, metadata,
3741 	    (size_t)rsrc->uncompressed_size - metadata_bytes);
3742 
3743 exit_mac_metadata:
3744 	__archive_read_seek(a, offset, SEEK_SET);
3745 	zip->decompress_init = 0;
3746 	free(metadata);
3747 	return (ret);
3748 }
3749 
3750 static int
3751 archive_read_format_zip_seekable_read_header(struct archive_read *a,
3752 	struct archive_entry *entry)
3753 {
3754 	struct zip *zip = (struct zip *)a->format->data;
3755 	struct zip_entry *rsrc;
3756 	int64_t offset;
3757 	int r, ret = ARCHIVE_OK;
3758 
3759 	/*
3760 	 * It should be sufficient to call archive_read_next_header() for
3761 	 * a reader to determine if an entry is encrypted or not. If the
3762 	 * encryption of an entry is only detectable when calling
3763 	 * archive_read_data(), so be it. We'll do the same check there
3764 	 * as well.
3765 	 */
3766 	if (zip->has_encrypted_entries ==
3767 			ARCHIVE_READ_FORMAT_ENCRYPTION_DONT_KNOW)
3768 		zip->has_encrypted_entries = 0;
3769 
3770 	a->archive.archive_format = ARCHIVE_FORMAT_ZIP;
3771 	if (a->archive.archive_format_name == NULL)
3772 		a->archive.archive_format_name = "ZIP";
3773 
3774 	if (zip->zip_entries == NULL) {
3775 		r = slurp_central_directory(a, zip);
3776 		if (r != ARCHIVE_OK)
3777 			return r;
3778 		/* Get first entry whose local header offset is lower than
3779 		 * other entries in the archive file. */
3780 		zip->entry =
3781 		    (struct zip_entry *)ARCHIVE_RB_TREE_MIN(&zip->tree);
3782 	} else if (zip->entry != NULL) {
3783 		/* Get next entry in local header offset order. */
3784 		zip->entry = (struct zip_entry *)__archive_rb_tree_iterate(
3785 		    &zip->tree, &zip->entry->node, ARCHIVE_RB_DIR_RIGHT);
3786 	}
3787 
3788 	if (zip->entry == NULL)
3789 		return ARCHIVE_EOF;
3790 
3791 	if (zip->entry->rsrcname.s)
3792 		rsrc = (struct zip_entry *)__archive_rb_tree_find_node(
3793 		    &zip->tree_rsrc, zip->entry->rsrcname.s);
3794 	else
3795 		rsrc = NULL;
3796 
3797 	if (zip->cctx_valid)
3798 		archive_decrypto_aes_ctr_release(&zip->cctx);
3799 	if (zip->hctx_valid)
3800 		archive_hmac_sha1_cleanup(&zip->hctx);
3801 	zip->tctx_valid = zip->cctx_valid = zip->hctx_valid = 0;
3802 	__archive_read_reset_passphrase(a);
3803 
3804 	/* File entries are sorted by the header offset, we should mostly
3805 	 * use __archive_read_consume to advance a read point to avoid redundant
3806 	 * data reading.  */
3807 	offset = archive_filter_bytes(&a->archive, 0);
3808 	if (offset < zip->entry->local_header_offset)
3809 		__archive_read_consume(a,
3810 		    zip->entry->local_header_offset - offset);
3811 	else if (offset != zip->entry->local_header_offset) {
3812 		__archive_read_seek(a, zip->entry->local_header_offset,
3813 		    SEEK_SET);
3814 	}
3815 	zip->unconsumed = 0;
3816 	r = zip_read_local_file_header(a, entry, zip);
3817 	if (r != ARCHIVE_OK)
3818 		return r;
3819 	if (rsrc) {
3820 		int ret2 = zip_read_mac_metadata(a, entry, rsrc);
3821 		if (ret2 < ret)
3822 			ret = ret2;
3823 	}
3824 	return (ret);
3825 }
3826 
3827 /*
3828  * We're going to seek for the next header anyway, so we don't
3829  * need to bother doing anything here.
3830  */
3831 static int
3832 archive_read_format_zip_read_data_skip_seekable(struct archive_read *a)
3833 {
3834 	struct zip *zip;
3835 	zip = (struct zip *)(a->format->data);
3836 
3837 	zip->unconsumed = 0;
3838 	return (ARCHIVE_OK);
3839 }
3840 
3841 int
3842 archive_read_support_format_zip_seekable(struct archive *_a)
3843 {
3844 	struct archive_read *a = (struct archive_read *)_a;
3845 	struct zip *zip;
3846 	int r;
3847 
3848 	archive_check_magic(_a, ARCHIVE_READ_MAGIC,
3849 	    ARCHIVE_STATE_NEW, "archive_read_support_format_zip_seekable");
3850 
3851 	zip = (struct zip *)calloc(1, sizeof(*zip));
3852 	if (zip == NULL) {
3853 		archive_set_error(&a->archive, ENOMEM,
3854 		    "Can't allocate zip data");
3855 		return (ARCHIVE_FATAL);
3856 	}
3857 
3858 #ifdef HAVE_COPYFILE_H
3859 	/* Set this by default on Mac OS. */
3860 	zip->process_mac_extensions = 1;
3861 #endif
3862 
3863 	/*
3864 	 * Until enough data has been read, we cannot tell about
3865 	 * any encrypted entries yet.
3866 	 */
3867 	zip->has_encrypted_entries = ARCHIVE_READ_FORMAT_ENCRYPTION_DONT_KNOW;
3868 	zip->crc32func = real_crc32;
3869 
3870 	r = __archive_read_register_format(a,
3871 	    zip,
3872 	    "zip",
3873 	    archive_read_format_zip_seekable_bid,
3874 	    archive_read_format_zip_options,
3875 	    archive_read_format_zip_seekable_read_header,
3876 	    archive_read_format_zip_read_data,
3877 	    archive_read_format_zip_read_data_skip_seekable,
3878 	    NULL,
3879 	    archive_read_format_zip_cleanup,
3880 	    archive_read_support_format_zip_capabilities_seekable,
3881 	    archive_read_format_zip_has_encrypted_entries);
3882 
3883 	if (r != ARCHIVE_OK)
3884 		free(zip);
3885 	return (ARCHIVE_OK);
3886 }
3887 
3888 /*# vim:set noet:*/
3889