Bug 20239 – chameleon zip-file should be rejected by std.zip

Status
RESOLVED
Resolution
FIXED
Severity
normal
Priority
P1
Component
phobos
Product
D
Version
D2
Platform
x86_64
OS
Linux
Creation time
2019-09-25T07:03:06Z
Last change time
2019-10-07T05:34:04Z
Keywords
pull
Assigned to
No Owner
Creator
Berni

Attachments

ID | Filename | Summary | Content-Type | Size
1761 | best_language.zip | correct zip file, which is handled wrong by std.zip | application/zip | 360

Comments

Comment #0 by dlang — 2019-09-25T07:03:06Z
Created attachment 1761
correct zip file, which is handled wrong by std.zip

The attached zip file is a correct zip file according to the specification https://pkware.cachefly.net/webdocs/APPNOTE/APPNOTE-6.3.5.TXT

It contains a zipped file called "best_language" with content "D". But std.zip will output "FORTRAN" instead. (By the way, Linux tool unzip is tricked too, gunzip not. I haven't tried other programs yet.)

The file contains a file comment at the end. std.zip detects inside this comment a central directory and therefore misses the correct central directory.
Comment #1 by dlang — 2019-09-25T19:41:39Z
I just learned that this is called a chameleon file. The result depends on the parser used. Such files should be rejected as they can be assumed to be malware.
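One way to flag the ambiguity described in comments #0 and #1 is to count how many offsets near the end of the file parse as an end-of-central-directory (EOCD) record that ends exactly at end of file; more than one means different parsers can settle on different directories. This is an added example, not code from the report or from the phobos fix; the function names and the sample archive are constructed for illustration.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"  # end of central directory signature (APPNOTE 4.3.16)
EOCD_FIXED = 22           # record size without the trailing archive comment
MAX_COMMENT = 0xFFFF      # comment length is a 16-bit field


def plausible_eocd_offsets(data: bytes) -> list:
    """Offsets whose signature + comment length describe a record ending at EOF.

    Zip64 records are not considered here (simplifying assumption).
    """
    hits = []
    start = max(0, len(data) - EOCD_FIXED - MAX_COMMENT)
    pos = data.find(EOCD_SIG, start)
    while pos != -1:
        if pos + EOCD_FIXED <= len(data):
            (comment_len,) = struct.unpack_from("<H", data, pos + 20)
            if pos + EOCD_FIXED + comment_len == len(data):
                hits.append(pos)
        pos = data.find(EOCD_SIG, pos + 1)
    return hits


def is_ambiguous_zip(data: bytes) -> bool:
    """True when a backward-scanning and a forward-scanning parser may disagree."""
    return len(plausible_eocd_offsets(data)) > 1


def build_sample(comment: bytes) -> bytes:
    """Constructed test archive: one member plus the given archive comment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("best_language", "D")
        zf.comment = comment
    return buf.getvalue()


# Constructed decoy: an empty EOCD record (zero entries, zero-length comment)
# placed inside the real archive comment, so two records both end at EOF.
DECOY_EOCD = EOCD_SIG + struct.pack("<HHHHIIH", 0, 0, 0, 0, 0, 0, 0)

if __name__ == "__main__":
    for label, comment in (("plain", b"just a comment"), ("decoy", DECOY_EOCD)):
        data = build_sample(comment)
        print(label, plausible_eocd_offsets(data), is_ambiguous_zip(data))
```

The check covers only the EOCD-inside-comment case from this report; a stricter validator would also confirm that the chosen central directory ends exactly where the EOCD record begins.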
Comment #2 by dlang-bot — 2019-09-25T19:46:20Z
@crocopaw created dlang/phobos pull request #7198 "Fix issue 20239 - chameleon zip-file should be rejected by std.zip" fixing this issue:

- Fix issue 20239 - chameleon zip-file should be rejected by std.zip

https://github.com/dlang/phobos/pull/7198
Comment #3 by dlang-bot — 2019-10-07T05:34:04Z
dlang/phobos pull request #7198 "Fix issue 20239 - chameleon zip-file should be rejected by std.zip" was merged into master:

- d750324351ff658204164f3268fed8d2c9cb6055 by Berni: Fix issue 20239 - chameleon zip-file should be rejected by std.zip

https://github.com/dlang/phobos/pull/7198