diff --git a/sys/src/cmd/gzip/unzip.c b/sys/src/cmd/gzip/unzip.c
index ab4991127..488a33065 100644
--- a/sys/src/cmd/gzip/unzip.c
+++ b/sys/src/cmd/gzip/unzip.c
@@ -529,7 +529,7 @@ static int
 findCDir(Biobuf *bin, char *file)
 {
 	vlong ecoff;
-	long off, size, m;
+	long off, size;
 	int entries, zclen, dn, ds, de;
 
 	ecoff = Bseek(bin, -ZECHeadSize, 2);
@@ -540,11 +540,16 @@ findCDir(Biobuf *bin, char *file)
 	}
 	if(setjmp(zjmp))
 		return -1;
-
-	if((m=get4(bin)) != ZECHeader){
-		fprint(2, "unzip: bad magic number for table of contents of %s: %#.8lx\n", file, m);
-		longjmp(seekjmp, 1);
-		return -1;
+	off = 0;
+	while(get4(bin) != ZECHeader){
+		if(ecoff <= 0 || off >= 1024){
+			fprint(2, "unzip: cannot find end of table of contents in %s\n", file);
+			longjmp(seekjmp, 1);
+			return -1;
+		}
+		off++;
+		ecoff--;
+		Bseek(bin, ecoff, 0);
 	}
 	dn = get2(bin);
 	ds = get2(bin);
diff --git a/sys/src/cmd/tapefs/zipfs.c b/sys/src/cmd/tapefs/zipfs.c
index 4017a3906..a7279b2e0 100644
--- a/sys/src/cmd/tapefs/zipfs.c
+++ b/sys/src/cmd/tapefs/zipfs.c
@@ -189,10 +189,14 @@ findCDir(Biobuf *bin)
 	ecoff = Bseek(bin, -ZECHeadSize, 2);
 	if(ecoff < 0)
 		sysfatal("can't seek to header");
-
-	if(get4(bin) != ZECHeader)
-		sysfatal("bad magic number on directory");
-
+	off = 0;
+	while(get4(bin) != ZECHeader){
+		if(ecoff <= 0 || off >= 1024)
+			sysfatal("bad magic number");
+		off++;
+		ecoff--;
+		Bseek(bin, ecoff, 0);
+	}
 	get2(bin);
 	get2(bin);
 	get2(bin);