author | Gregory P. Smith <greg@krypto.org> | 2014-05-30 06:42:47 (GMT) |
---|---|---|
committer | Gregory P. Smith <greg@krypto.org> | 2014-05-30 06:42:47 (GMT) |
commit | e7bfe13635e4201660c9d016b62de10c2f7c9de3 (patch) | |
tree | ce15026563908fd49b5a5e6fea1054206c5d7733 | |
parent | 12c5247be9f30052733d4cda26af5344292582ec (diff) | |
parent | 0af8a86be85ecf1899d0770c6d31541128ea8cad (diff) | |
Fix issue #14315: The zipfile module now ignores extra fields in the central
directory that are too short to be parsed instead of letting a struct.unpack
error bubble up as this "bad data" appears in many real world zip files in the
wild and is ignored by other zip tools.
-rw-r--r-- | Lib/test/test_zipfile.py | 15 | ||||
-rw-r--r-- | Lib/zipfile.py | 2 | ||||
-rw-r--r-- | Misc/NEWS | 5 |
3 files changed, 21 insertions, 1 deletions
diff --git a/Lib/test/test_zipfile.py b/Lib/test/test_zipfile.py index 2e232f3..9b428e9 100644 --- a/Lib/test/test_zipfile.py +++ b/Lib/test/test_zipfile.py @@ -1289,6 +1289,21 @@ class OtherTests(unittest.TestCase): self.assertRaises(ValueError, zipfile.ZipInfo, 'seventies', (1979, 1, 1, 0, 0, 0)) + def test_zipfile_with_short_extra_field(self): + """If an extra field in the header is less than 4 bytes, skip it.""" + zipdata = ( + b'PK\x03\x04\x14\x00\x00\x00\x00\x00\x93\x9b\xad@\x8b\x9e' + b'\xd9\xd3\x01\x00\x00\x00\x01\x00\x00\x00\x03\x00\x03\x00ab' + b'c\x00\x00\x00APK\x01\x02\x14\x03\x14\x00\x00\x00\x00' + b'\x00\x93\x9b\xad@\x8b\x9e\xd9\xd3\x01\x00\x00\x00\x01\x00\x00' + b'\x00\x03\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa4\x81\x00' + b'\x00\x00\x00abc\x00\x00PK\x05\x06\x00\x00\x00\x00' + b'\x01\x00\x01\x003\x00\x00\x00%\x00\x00\x00\x00\x00' + ) + with zipfile.ZipFile(io.BytesIO(zipdata), 'r') as zipf: + # testzip returns the name of the first corrupt file, or None + self.assertIsNone(zipf.testzip()) + def tearDown(self): unlink(TESTFN) unlink(TESTFN2) diff --git a/Lib/zipfile.py b/Lib/zipfile.py index 7b6bd5f..ee228b1 100644 --- a/Lib/zipfile.py +++ b/Lib/zipfile.py @@ -411,7 +411,7 @@ class ZipInfo (object): # Try to decode the extra field. extra = self.extra unpack = struct.unpack - while extra: + while len(extra) >= 4: tp, ln = unpack('<HH', extra[:4]) if tp == 1: if ln >= 24: @@ -89,6 +89,11 @@ Core and Builtins Library ------- +- Issue #14315: The zipfile module now ignores extra fields in the central + directory that are too short to be parsed instead of letting a struct.unpack + error bubble up as this "bad data" appears in many real world zip files in + the wild and is ignored by other zip tools. + - Issue #21402: tkinter.ttk now works when default root window is not set. - Issue #3015: _tkinter.create() now creates tkapp object with wantobject=1 by |
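Review bot: Nothing in `test_zipfile_with_short_extra_field` says which bytes of `zipdata` make the archive malformed, so a maintainer has to decode the blob by hand to see what the test covers. Reading it, the central directory entry declares a 2-byte extra field (`\x02\x00` in the length slot, then `\x00\x00` after the name `abc`) and the local header a 3-byte one; a comment above `zipdata` such as `# central directory extra field is 2 bytes: too short for a (type, length) header` would record that. The docstring's "in the header" could name the central directory, to match the commit message. `OtherTests` begins and ends outside the hunk.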
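Review bot: The new guard `while len(extra) >= 4:` only guarantees that the 4-byte `(tp, ln)` header is present; `ln` is read straight from the archive and is not compared with the bytes that remain before `if ln >= 24:` is reached. The rest of the loop body is outside the hunk, but if it unpacks a fixed-size slice chosen by `ln`, a field that declares more data than it carries would presumably still raise `struct.error`, the failure this commit sets out to remove. A check right after the unpack, `if ln + 4 > len(extra): break` (or raising `BadZipFile` if such archives should be rejected), would cover that case. The loop would also benefit from a comment stating that a 1–3 byte tail is dropped on purpose, e.g. `# A tail shorter than 4 bytes cannot hold a header; ignore it as other zip tools do.`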