Exception while extracting file from ZIP with non-matching file name in central directory #75358

Open
zyxtarmo mannequin opened this issue Aug 10, 2017 · 2 comments
Labels
stdlib Python modules in the Lib dir type-bug An unexpected behavior, bug, or error

Comments

zyxtarmo mannequin commented Aug 10, 2017

BPO 31175
Nosy @zyxtarmo
PRs
  • Allow filename mismatch in local and central directories in zipfile.py #3035
Files
  • ZIP_filename_confusion.pdf: Small research paper on the topic
  • zipfile.patch

Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.


    GitHub fields:

    assignee = None
    closed_at = None
    created_at = <Date 2017-08-10.13:05:08.569>
    labels = ['type-bug', 'library']
    title = 'Exception while extracting file from ZIP with non-matching file name in central directory'
    updated_at = <Date 2017-08-10.13:08:08.683>
    user = 'https://github.com/zyxtarmo'

    bugs.python.org fields:

    activity = <Date 2017-08-10.13:08:08.683>
    actor = 'zyxtarmo'
    assignee = 'none'
    closed = False
    closed_date = None
    closer = None
    components = ['Library (Lib)']
    creation = <Date 2017-08-10.13:05:08.569>
    creator = 'zyxtarmo'
    dependencies = []
    files = ['47073', '47074']
    hgrepos = []
    issue_num = 31175
    keywords = ['patch']
    message_count = 2.0
    messages = ['300080', '300081']
    nosy_count = 1.0
    nosy_names = ['zyxtarmo']
    pr_nums = ['3035']
    priority = 'normal'
    resolution = None
    stage = None
    status = 'open'
    superseder = None
    type = 'behavior'
    url = 'https://bugs.python.org/issue31175'
    versions = ['Python 2.7']


    zyxtarmo mannequin commented Aug 10, 2017

    The problem: miscreants are modifying ZIP file header parts so that Python-based automated analysis tools are unable to process the contents of the ZIP file, but intended clients are able to open the file and extract the possibly malicious contents.

    The GitHub pull request contains a patch addressing the issue so that the developer can make a conscious decision to allow the extraction process to complete. Quite an important feature for security researchers.
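For analysis tooling, the mismatch described in this issue can be detected by comparing each entry's file name in the central directory with the name in its local file header. The following is an added example, not part of the original issue or the proposed patch; it is written for Python 3, the function names are hypothetical, it assumes a single-disk, non-ZIP64 archive, and the sample archive is constructed in memory.

```python
import io
import struct
import zipfile

EOCD_SIG, CEN_SIG, LOC_SIG = b"PK\x05\x06", b"PK\x01\x02", b"PK\x03\x04"

def name_mismatches(data):
    """Return [(central_name, local_name)] for entries whose two names differ.
    Assumes a single-disk, non-ZIP64 archive."""
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    # total entries (2 bytes), central directory size (4), its offset (4)
    total, _cd_size, pos = struct.unpack_from("<HII", data, eocd + 10)
    found = []
    for _ in range(total):
        if data[pos:pos + 4] != CEN_SIG:
            raise ValueError("bad central directory signature at %d" % pos)
        nlen, xlen, clen = struct.unpack_from("<HHH", data, pos + 28)
        (loc,) = struct.unpack_from("<I", data, pos + 42)  # local header offset
        cen_name = data[pos + 46:pos + 46 + nlen]
        if data[loc:loc + 4] != LOC_SIG:
            raise ValueError("bad local header signature at %d" % loc)
        (lnlen,) = struct.unpack_from("<H", data, loc + 26)
        loc_name = data[loc + 30:loc + 30 + lnlen]
        if cen_name != loc_name:
            found.append((cen_name, loc_name))
        pos += 46 + nlen + xlen + clen
    return found

def stdlib_rejects(data, name):
    """True if zipfile refuses to read `name` from the archive bytes."""
    try:
        zipfile.ZipFile(io.BytesIO(data)).read(name)
        return False
    except zipfile.BadZipFile:
        return True

def build_sample():
    """Constructed sample: two stored entries; the second entry's name is
    changed in the central directory only (same length, so offsets hold)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "hello")
        zf.writestr("report.doc", "constructed sample")
    data = bytearray(buf.getvalue())
    i = data.rfind(b"report.doc")  # last occurrence is the central directory copy
    data[i:i + 10] = b"report.txt"
    return bytes(data)

if __name__ == "__main__":
    sample = build_sample()
    print(name_mismatches(sample), stdlib_rejects(sample, "report.txt"))
```

A pipeline can run `name_mismatches` before handing the archive to `zipfile` and treat any non-empty result as a signal worth logging, since a differing pair means the file was likely edited after creation.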

    @zyxtarmo zyxtarmo mannequin added stdlib Python modules in the Lib dir type-bug An unexpected behavior, bug, or error labels Aug 10, 2017

    zyxtarmo mannequin commented Aug 10, 2017

    Proposed patch

    @ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022