Message337543
PKWARE encryption password pre check algorithm (relying on an 8 bits value to differentiate passwords) is insanely short.
Most of the wrong passwords are filtered out by the check, but some of them aren't. For the ones in the latter category, when trying to extract an archive member, a 0 lengthed file with its name will be created on the FS (overwriting any previous version).
Usecase:
1. Extract an archive member using the good password. File extracted
2. Extract the same member using a wrong password:
2.1 For most of the passwords, they will be detected and the operation cancelled
2.2 But some of them, they won't be detected (false positives), but the decryption itself will fail overwriting the file (from #1.) on FS but leaving it with 0 bytes content
This is the about #2.2.
More details on [[SO]: zipfile.BadZipFile: Bad CRC-32 when extracting a password protected .zip & .zip goes corrupt on extract (@CristiFati's answer)](https://stackoverflow.com/questions/54532010/zipfile-badzipfile-bad-crc-32-when-extracting-a-password-protected-zip-zip/55063500#55063500). |
|
Date |
User |
Action |
Args |
2019-03-08 22:56:50 | CristiFati | set | recipients:
+ CristiFati |
2019-03-08 22:56:50 | CristiFati | set | messageid: <1552085810.83.0.29138554052.issue36247@roundup.psfhosted.org> |
2019-03-08 22:56:50 | CristiFati | link | issue36247 messages |
2019-03-08 22:56:50 | CristiFati | create | |
|