authorCody Maloney <cmaloney@users.noreply.github.com>2024-11-03 05:28:51 (GMT)
committerGitHub <noreply@github.com>2024-11-03 05:28:51 (GMT)
commit556dc9b8a78bad296513221f3f414a3f8fd0ae70 (patch)
tree610404e369536bded8094df5134c2428ddaed3b2
parent8161afe51c65afbf0332da58837d94975cec9f65 (diff)
downloadcpython-556dc9b8a78bad296513221f3f414a3f8fd0ae70.zip
cpython-556dc9b8a78bad296513221f3f414a3f8fd0ae70.tar.gz
cpython-556dc9b8a78bad296513221f3f414a3f8fd0ae70.tar.bz2
gh-113977, gh-120754: Remove unbounded reads from zipfile (GH-122101)
GH-113977, GH-120754: Remove unbounded reads from zipfile Reading without a size may read an unbounded amount of data and allocate unbounded-size buffers. Move to capped-size reads to prevent potential issues. Co-authored-by: Daniel Hillier <daniel.hillier@gmail.com> Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
-rw-r--r--Lib/zipfile/__init__.py6
-rw-r--r--Misc/NEWS.d/next/Library/2024-07-23-02-24-50.gh-issue-120754.nHb5mG.rst1
2 files changed, 4 insertions, 3 deletions
diff --git a/Lib/zipfile/__init__.py b/Lib/zipfile/__init__.py
index e2aaf8b..08c83cf 100644
--- a/Lib/zipfile/__init__.py
+++ b/Lib/zipfile/__init__.py
@@ -309,7 +309,7 @@ def _EndRecData(fpin):
fpin.seek(-sizeEndCentDir, 2)
except OSError:
return None
- data = fpin.read()
+ data = fpin.read(sizeEndCentDir)
if (len(data) == sizeEndCentDir and
data[0:4] == stringEndArchive and
data[-2:] == b"\000\000"):
@@ -329,9 +329,9 @@ def _EndRecData(fpin):
# record signature. The comment is the last item in the ZIP file and may be
# up to 64K long. It is assumed that the "end of central directory" magic
# number does not appear in the comment.
- maxCommentStart = max(filesize - (1 << 16) - sizeEndCentDir, 0)
+ maxCommentStart = max(filesize - ZIP_MAX_COMMENT - sizeEndCentDir, 0)
fpin.seek(maxCommentStart, 0)
- data = fpin.read()
+ data = fpin.read(ZIP_MAX_COMMENT + sizeEndCentDir)
start = data.rfind(stringEndArchive)
if start >= 0:
# found the magic number; attempt to unpack and interpret
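Review bot: `fpin.read(ZIP_MAX_COMMENT + sizeEndCentDir)` may return fewer bytes than requested when `fpin` is a raw (unbuffered) or non-blocking stream, whereas the unbounded `read()` it replaces read through to EOF, so a short read here would leave `data.rfind(stringEndArchive)` searching a truncated tail and the function could miss a valid end-of-central-directory record. When ZipFile opens a path itself the object is a buffered reader and a sized read returns everything up to the cap or EOF, so this only matters for caller-supplied file objects — worth confirming which kinds the callers pass. If raw streams are supported, a short loop that keeps calling `fpin.read(remaining)` until the requested size is reached or an empty result (EOF) is returned would keep the cap while preserving the old read-to-EOF behaviour; otherwise a comment such as `# sized read assumes a buffered stream; a raw stream may return a short read` documents the assumption. The `fpin.read(sizeEndCentDir)` in the first hunk has the same property, but there the `len(data) == sizeEndCentDir` check already tolerates a short read by falling through to the comment search. _EndRecData begins and ends outside this hunk.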
diff --git a/Misc/NEWS.d/next/Library/2024-07-23-02-24-50.gh-issue-120754.nHb5mG.rst b/Misc/NEWS.d/next/Library/2024-07-23-02-24-50.gh-issue-120754.nHb5mG.rst
new file mode 100644
index 0000000..6c33e7b
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2024-07-23-02-24-50.gh-issue-120754.nHb5mG.rst
@@ -0,0 +1 @@
+Update unbounded ``read`` calls in :mod:`zipfile` to specify an explicit ``size`` putting a limit on how much data they may read. This also updates handling around ZIP max comment size to match the standard instead of reading comments that are one byte too long.