[New-bugs-announce] [issue4844] ZipFile doesn't range check in _EndRecData()
Yngve AAdlandsvik
report at bugs.python.org
Mon Jan 5 16:24:11 CET 2009
New submission from Yngve AAdlandsvik <ymgve at start.no>:
If you have a .zip file with an incomplete "End of Central Directory"
record, _EndRecData() will throw a struct.error:
D:\c64workdir\Ultimate_Mag_Archive>e:ziptest.py "old -
Ultimate_Mag_Archive"
Handling A-z\0\64times01-double.zip
Traceback (most recent call last):
File "E:\wwwroot\c64db\tools\ziptest.py", line 48, in <module>
ok = handle_file(data, rel_filename)
File "E:\wwwroot\c64db\tools\ziptest.py", line 19, in handle_file
z = zipfile.ZipFile(cStringIO.StringIO(data), "r")
File "C:\Python26\lib\zipfile.py", line 698, in __init__
self._GetContents()
File "C:\Python26\lib\zipfile.py", line 718, in _GetContents
self._RealGetContents()
File "C:\Python26\lib\zipfile.py", line 728, in _RealGetContents
endrec = _EndRecData(fp)
File "C:\Python26\lib\zipfile.py", line 219, in _EndRecData
endrec = list(struct.unpack(structEndArchive, recData))
struct.error: unpack requires a string argument of length 22
The fix is to include a check to see if there is data enough for the
whole record before attempting to unpack.
----------
components: Library (Lib)
messages: 79155
nosy: ymgve
severity: normal
status: open
title: ZipFile doesn't range check in _EndRecData()
versions: Python 2.6
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue4844>
_______________________________________
More information about the New-bugs-announce
mailing list