Issue36988
Created on 2019-05-21 10:49 by alter-bug-tracer, last changed 2022-04-11 14:59 by admin.
| Files | ||||
|---|---|---|---|---|
| File name | Uploaded | Description | Edit | |
| file0.zip | alter-bug-tracer, 2019-05-21 10:49 | |||
| Messages (5) | |||
|---|---|---|---|
| msg343006 - (view) | Author: alter-bug-tracer (alter-bug-tracer) * | Date: 2019-05-21 10:49 | |
The following code throws an IndexError when attempting to extract a malformed archive (attached):
import zipfile
import sys
zf = zipfile.ZipFile(sys.argv[1])
for info in zf.infolist():
zf.extract(info.filename)
Result:
Traceback (most recent call last):
File "code.py", line 6, in <module>
zf.extract(info.filename)
File "/usr/lib/python3.6/zipfile.py", line 1507, in extract
return self._extract_member(member, path, pwd)
File "/usr/lib/python3.6/zipfile.py", line 1572, in _extract_member
if member.is_dir():
File "/usr/lib/python3.6/zipfile.py", line 531, in is_dir
return self.filename[-1] == '/'
IndexError: string index out of range
|
|||
| msg343047 - (view) | Author: JUN-WEI SONG (krnick) * | Date: 2019-05-21 13:29 | |
The following output throws error when using unzip -t
$ unzip -t file0.zip
Output:
Archive: file0.zip
: mismatching "local" filename (zipfile_extract.pyUT^I),
continuing with "central" filename version
testing:
error: invalid compressed data to inflate
At least one error was detected in file0.zip.
It looks like the zip file is corrupted. Maybe we could add some detection mechanisms before extract it like unzip, for example, unsupported characters or file corrupted check.
|
|||
| msg343052 - (view) | Author: alter-bug-tracer (alter-bug-tracer) * | Date: 2019-05-21 14:17 | |
Hi, The zip is corrupted on purpose. I agree, every input should be checked before doing stuff with it. |
|||
| msg343140 - (view) | Author: KunYu Chen (18z) * | Date: 2019-05-22 02:55 | |
Hi alter-bug-tracer, We notice about this pitfall when extracting zipbomb files. and we have discussion here https://bugs.python.org/issue36260 |
|||
| msg410717 - (view) | Author: Irit Katriel (iritkatriel) *  |
Date: 2022-01-16 19:41 | |
Reproduced on 3.11. |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022-04-11 14:59:15 | admin | set | github: 81169 |
| 2022-01-16 19:41:26 | iritkatriel | set | nosy:
+ iritkatriel messages:
+ msg410717 |
| 2019-05-31 06:02:58 | Jeffrey.Kintscher | set | nosy:
- Jeffrey.Kintscher |
| 2019-05-28 07:51:39 | Jeffrey.Kintscher | set | nosy:
+ Jeffrey.Kintscher |
| 2019-05-22 02:55:05 | 18z | set | nosy:
+ 18z messages: + msg343140 |
| 2019-05-21 14:17:43 | alter-bug-tracer | set | messages: + msg343052 |
| 2019-05-21 13:29:19 | krnick | set | nosy:
+ krnick messages: + msg343047 |
| 2019-05-21 10:49:55 | alter-bug-tracer | create | |