View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0018106 | CentOS-8 | unzip | public | 2021-03-16 16:26 | 2021-03-16 16:26 |
Reporter | kubo | Assigned To | |||
Priority | normal | Severity | minor | Reproducibility | always |
Status | new | Resolution | open | ||
Summary | 0018106: extract of mixed sizes leads to an error | ||||
Description | When a zip file contains a file with a central directory header without an extra field (and thus the data descriptor is not in ZIP64 format), the G.zip64 flag is not reset. It can cause problems for zip files with a mix of files larger and smaller than 4GB, created by compressors that add extra fields only for files larger than 4GB (like Java). See https://github.com/madler/unzip/pull/6 for more details. | ||||
Steps To Reproduce | Described in github: https://github.com/madler/unzip/pull/6

```
# One input just over 4 GiB (4194305 KiB) and one 1 KiB input
dd if=/dev/zero of=file_larger_than_4g bs=1024 count=4194305
dd if=/dev/zero of=file_smaller_than_4g bs=1024 count=1

cat > TestZip.java <<EOF
import java.util.zip.ZipOutputStream;
import java.util.zip.ZipEntry;
import java.io.FileInputStream;
import java.io.FileOutputStream;

class TestZip {
    // Stream one file into the archive; sizes are not known up front,
    // so each entry is written with a data descriptor.
    private static void addFileToZip(ZipOutputStream zos, String name) throws Exception {
        byte[] buffer = new byte[2048];
        try (FileInputStream fis = new FileInputStream(name)) {
            zos.putNextEntry(new ZipEntry(name));
            int length;
            while ((length = fis.read(buffer)) > 0) {
                zos.write(buffer, 0, length);
            }
        }
    }

    public static void main(String args[]) throws Exception {
        ZipOutputStream zos = new ZipOutputStream(new FileOutputStream("test_zip.zip"));
        // Large entry first, small entry second
        addFileToZip(zos, "file_larger_than_4g");
        addFileToZip(zos, "file_smaller_than_4g");
        zos.close();
    }
}
EOF

javac TestZip.java
java TestZip
./unzip -t test_zip.zip file_smaller_than_4g
```

Without the fix:

```
[nix-shell:~/src/unzip]$ ./unzip -t test_zip.zip file_smaller_than_4g
Archive: test_zip.zip
testing: file_smaller_than_4g OK
error: invalid zip file with overlapped components (possible zip bomb)
```

After the fix:

```
[nix-shell:~/src/unzip]$ ./unzip -t test_zip.zip file_smaller_than_4g
Archive: test_zip.zip
testing: file_smaller_than_4g OK
No errors detected in test_zip.zip for the 1 file tested.
```
Additional Information | The fix is already in place upstream, please patch the OS's unzip: https://github.com/madler/unzip/commit/122050bac16fae82a460ff739fb1ca0f106e9d85 | ||||
Tags | No tags attached. | ||||
Date Modified | Username | Field | Change |
---|---|---|---|
2021-03-16 16:26 | kubo | New Issue |
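
The following triage script is an added example, not code from this report or from the unzip project. It lists archive entries matching the layout the description gives: an entry written with a data descriptor and no ZIP64 extra field in its central directory header, appearing after an entry that does carry one. The function names, the sample entries and the assumption that the stale flag comes from an earlier entry (as in the reproducer) are this example's own.

```python
import struct
import sys
import zipfile

ZIP64_EXTRA_ID = 0x0001       # header ID of the ZIP64 extended information extra field
DATA_DESCRIPTOR_BIT = 0x0008  # general purpose flag bit 3: sizes follow the file data


def has_zip64_extra(extra: bytes) -> bool:
    """Walk the (id, size, data) records of an extra field looking for ZIP64."""
    pos = 0
    while pos + 4 <= len(extra):
        header_id, size = struct.unpack_from("<HH", extra, pos)
        if header_id == ZIP64_EXTRA_ID:
            return True
        pos += 4 + size
    return False


def at_risk_entries(entries):
    """entries: (name, flag_bits, central_extra) tuples in central directory order.

    Returns the names of data-descriptor entries without a ZIP64 extra field
    that come after an entry with one (assumed trigger, see lead-in).
    """
    seen_zip64 = False
    risky = []
    for name, flag_bits, extra in entries:
        if has_zip64_extra(extra):
            seen_zip64 = True
        elif seen_zip64 and flag_bits & DATA_DESCRIPTOR_BIT:
            risky.append(name)
    return risky


def scan(archive):
    """Run the check on a real archive (path or file object) via the zipfile module."""
    with zipfile.ZipFile(archive) as zf:
        return at_risk_entries((i.filename, i.flag_bits, i.extra) for i in zf.infolist())


# Constructed sample mirroring the reproducer: large entry first, small entry second.
SAMPLE_ZIP64_EXTRA = struct.pack("<HHQQ", ZIP64_EXTRA_ID, 16, 2**32 + 1024, 4_200_000)
SAMPLE_ENTRIES = [
    ("file_larger_than_4g", 0x0808, SAMPLE_ZIP64_EXTRA),
    ("file_smaller_than_4g", 0x0808, b""),
]

if __name__ == "__main__":
    targets = sys.argv[1:]
    for path in targets:
        print(path, scan(path))
    if not targets:
        print("constructed sample:", at_risk_entries(SAMPLE_ENTRIES))
```

An empty list means the archive does not have this layout; a non-empty list names the entries that an unpatched unzip may report as overlapped components even though the archive is well formed.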