[3.11] gh-109858: Protect zipfile from "quoted-overlap" zipbomb (GH-110016) (GH-113913)

Raise BadZipFile when try to read an entry that overlaps with other entry or central directory. (cherry picked from commit 66363b9a7b9fe7c99eba3a185b74c5fdbf842eba) Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
author: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> 2024-01-11 09:24:47 (GMT)
committer: GitHub <noreply@github.com> 2024-01-11 09:24:47 (GMT)
commit: a956e510f6336d5ae111ba429a61c3ade30a7549 (patch)
tree: d53ee83511e729a3bd0c9001ab8cb6f5bcbc84d1 /Misc
parent: 6e21c590f6c68dace297c82c62d0a1286a2ab066 (diff)
download: cpython-a956e510f6336d5ae111ba429a61c3ade30a7549.zip
cpython-a956e510f6336d5ae111ba429a61c3ade30a7549.tar.gz
cpython-a956e510f6336d5ae111ba429a61c3ade30a7549.tar.bz2
1 files changed, 3 insertions, 0 deletions
diff --git a/Misc/NEWS.d/next/Library/2023-09-28-13-15-51.gh-issue-109858.43e2dg.rst b/Misc/NEWS.d/next/Library/2023-09-28-13-15-51.gh-issue-109858.43e2dg.rst
new file mode 100644
index 0000000..be279ca
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2023-09-28-13-15-51.gh-issue-109858.43e2dg.rst
@@ -0,0 +1,3 @@
+Protect :mod:`zipfile` from "quoted-overlap" zipbomb. It now raises
+BadZipFile when try to read an entry that overlaps with other entry or
+central directory.
author	Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>	2024-01-11 09:24:47 (GMT)
committer	GitHub <noreply@github.com>	2024-01-11 09:24:47 (GMT)
commit	a956e510f6336d5ae111ba429a61c3ade30a7549 (patch)
tree	d53ee83511e729a3bd0c9001ab8cb6f5bcbc84d1 /Misc
parent	6e21c590f6c68dace297c82c62d0a1286a2ab066 (diff)
download	cpython-a956e510f6336d5ae111ba429a61c3ade30a7549.zip cpython-a956e510f6336d5ae111ba429a61c3ade30a7549.tar.gz cpython-a956e510f6336d5ae111ba429a61c3ade30a7549.tar.bz2