[Patches] [ python-Patches-755987 ] zipfile.py bug 755031; null byte in file name
SourceForge.net
noreply@sourceforge.net
Tue, 17 Jun 2003 18:07:58 -0700
Patches item #755987, was opened at 2003-06-17 11:47
Message generated for change (Comment added) made by gward
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=755987&group_id=5470
Category: Library (Lib)
Group: Python 2.3
>Status: Closed
>Resolution: Fixed
Priority: 5
Submitted By: James C. Ahlstrom (ahlstromjc)
Assigned to: Nobody/Anonymous (nobody)
Summary: zipfile.py bug 755031; null byte in file name
Initial Comment:
This is a patch for Bug 755031: If a null byte appears in
a file name, Python zipfile.py retains it, but InfoZip
terminates the name. Null bytes in file names are used
as a trick by viruses. I tested WinZip, and it also
truncates the file name at the null byte.
I am about 80% sure this patch is a good idea, but it
does add a little more complexity. If the consensus is
that virus files are not Python's problem, I won't be
offended if it is rejected. It does seem useful to be
consistent with WinZip and InfoZip.
The patch also fixes a buglet: If a zipfile incorrectly
uses a directory separator other than '/', there was an
invalid complaint that the central directory name does
not match the file header name.
I also removed my name from the top of the file. It was
there for legal reasons which I believe no longer apply.
Many people have worked on this file besides me.
I don't believe there should be a test for null bytes in
the zipfile.py test suite.
----------------------------------------------------------------------
>Comment By: Greg Ward (gward)
Date: 2003-06-17 21:07
Message:
Logged In: YES
user_id=14422
Thanks Jim! Your patch works for me, and the test still
passes. I've checked it in on the trunk (rev 1.29, 1.30)
and backported it to release22-maint branch.
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=755987&group_id=5470