[Patches] [ python-Patches-755987 ] zipfile.py bug 755031; null byte in file name
SourceForge.net
noreply@sourceforge.net
Tue, 17 Jun 2003 08:47:18 -0700
Patches item #755987, was opened at 2003-06-17 15:47
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=755987&group_id=5470
Category: Library (Lib)
Group: Python 2.3
Status: Open
Resolution: None
Priority: 5
Submitted By: James C. Ahlstrom (ahlstromjc)
Assigned to: Nobody/Anonymous (nobody)
Summary: zipfile.py bug 755031; null byte in file name
Initial Comment:
This is a patch for Bug 755031: If a null byte appears in
a file name, Python zipfile.py retains it, but InfoZip
terminates the name. Null bytes in file names are used
as a trick by viruses. I tested WinZip, and it also
truncates the file name at the null byte.
I am about 80% sure this patch is a good idea, but it
does add a little more complexity. If the consensus is
that virus files are not Python's problem, I won't be
offended if it is rejected. It does seem useful to be
consistent with WinZip and InfoZip.
The patch also fixes a buglet: If a zipfile incorrectly
uses a directory separator other than '/', there was an
invalid complaint that the central directory name does
not match the file header name.
I also removed my name from the top of the file. It was
there for legal reasons which I believe no longer apply.
Many people have worked on this file besides me.
I don't believe there should be a test for null bytes in
the zipfile.py test suite.
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=755987&group_id=5470