summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGregory P. Smith <greg@krypto.org>2014-05-30 06:42:47 (GMT)
committerGregory P. Smith <greg@krypto.org>2014-05-30 06:42:47 (GMT)
commite7bfe13635e4201660c9d016b62de10c2f7c9de3 (patch)
treece15026563908fd49b5a5e6fea1054206c5d7733
parent12c5247be9f30052733d4cda26af5344292582ec (diff)
parent0af8a86be85ecf1899d0770c6d31541128ea8cad (diff)
downloadcpython-e7bfe13635e4201660c9d016b62de10c2f7c9de3.zip
cpython-e7bfe13635e4201660c9d016b62de10c2f7c9de3.tar.gz
cpython-e7bfe13635e4201660c9d016b62de10c2f7c9de3.tar.bz2
Fix issue #14315: The zipfile module now ignores extra fields in the central
directory that are too short to be parsed instead of letting a struct.unpack error bubble up as this "bad data" appears in many real world zip files in the wild and is ignored by other zip tools.
-rw-r--r--Lib/test/test_zipfile.py15
-rw-r--r--Lib/zipfile.py2
-rw-r--r--Misc/NEWS5
3 files changed, 21 insertions, 1 deletions
diff --git a/Lib/test/test_zipfile.py b/Lib/test/test_zipfile.py
index 2e232f3..9b428e9 100644
--- a/Lib/test/test_zipfile.py
+++ b/Lib/test/test_zipfile.py
@@ -1289,6 +1289,21 @@ class OtherTests(unittest.TestCase):
self.assertRaises(ValueError,
zipfile.ZipInfo, 'seventies', (1979, 1, 1, 0, 0, 0))
+ def test_zipfile_with_short_extra_field(self):
+ """If an extra field in the header is less than 4 bytes, skip it."""
+ zipdata = (
+ b'PK\x03\x04\x14\x00\x00\x00\x00\x00\x93\x9b\xad@\x8b\x9e'
+ b'\xd9\xd3\x01\x00\x00\x00\x01\x00\x00\x00\x03\x00\x03\x00ab'
+ b'c\x00\x00\x00APK\x01\x02\x14\x03\x14\x00\x00\x00\x00'
+ b'\x00\x93\x9b\xad@\x8b\x9e\xd9\xd3\x01\x00\x00\x00\x01\x00\x00'
+ b'\x00\x03\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa4\x81\x00'
+ b'\x00\x00\x00abc\x00\x00PK\x05\x06\x00\x00\x00\x00'
+ b'\x01\x00\x01\x003\x00\x00\x00%\x00\x00\x00\x00\x00'
+ )
+ with zipfile.ZipFile(io.BytesIO(zipdata), 'r') as zipf:
+ # testzip returns the name of the first corrupt file, or None
+ self.assertIsNone(zipf.testzip())
+
def tearDown(self):
unlink(TESTFN)
unlink(TESTFN2)
diff --git a/Lib/zipfile.py b/Lib/zipfile.py
index 7b6bd5f..ee228b1 100644
--- a/Lib/zipfile.py
+++ b/Lib/zipfile.py
@@ -411,7 +411,7 @@ class ZipInfo (object):
# Try to decode the extra field.
extra = self.extra
unpack = struct.unpack
- while extra:
+ while len(extra) >= 4:
tp, ln = unpack('<HH', extra[:4])
if tp == 1:
if ln >= 24:
diff --git a/Misc/NEWS b/Misc/NEWS
index f2bd7b7..7afb332 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -89,6 +89,11 @@ Core and Builtins
Library
-------
+- Issue #14315: The zipfile module now ignores extra fields in the central
+ directory that are too short to be parsed instead of letting a struct.unpack
+ error bubble up as this "bad data" appears in many real world zip files in
+ the wild and is ignored by other zip tools.
+
- Issue #21402: tkinter.ttk now works when default root window is not set.
- Issue #3015: _tkinter.create() now creates tkapp object with wantobject=1 by