Issue 755987: zipfile.py bug 755031; null byte in file name

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

This issue has been migrated to GitHub: https://github.com/python/cpython/issues/38667

classification

Title:	zipfile.py bug 755031; null byte in file name
Type:		Stage:
Components:	Library (Lib)	Versions:	Python 2.3

process

Created on 2003-06-17 15:47 by ahlstromjc, last changed 2022-04-10 16:09 by admin. This issue is now closed.

Files
File name	Uploaded	Description	Edit
zipfile.diff	ahlstromjc, 2003-06-17 15:47	diff against 6-17-2003 CVS zipfile.py

Messages (2)
msg44047 - (view)	Author: James C. Ahlstrom (ahlstromjc)	Date: 2003-06-17 15:47
This is a patch for Bug 755031: If a null byte appears in a file name, Python zipfile.py retains it, but InfoZip terminates the name. Null bytes in file names are used as a trick by viruses. I tested WinZip, and it also truncates the file name at the null byte. I am about 80% sure this patch is a good idea, but it does add a little more complexity. If the consensus is that virus files are not Python's problem, I won't be offended if it is rejected. It does seem useful to be consistent with WinZip and InfoZip. The patch also fixes a buglet: If a zipfile incorrectly uses a directory separator other than '/', there was an invalid complaint that the central directory name does not match the file header name. I also removed my name from the top of the file. It was there for legal reasons which I believe no longer apply. Many people have worked on this file besides me. I don't believe there should be a test for null bytes in the zipfile.py test suite.
msg44048 - (view)	Author: Greg Ward (gward)	Date: 2003-06-18 01:07
Logged In: YES user_id=14422 Thanks Jim! Your patch works for me, and the test still passes. I've checked it in on the trunk (rev 1.29, 1.30) and backported it to release22-maint branch.