Hi,
I found rubyzip 0.5.4 fails on a zip file with with extra
bytes, e.g., some virus attachments. Yes, it would be an
incorrect file, but who can expect correct behaviors from virus
kiddies?
$ zipinfo -1 textfile.zip
textfile.htm.exe
$ ruby-1.8 -Irubyzip -rzip/zip -e ‘Zip::ZipFile.foreach(ARGV[0]){|n|p n.name}’ textfile.zip
"textfile.htm.exe"
$ zipinfo -1 photos.zip
warning [photos.zip]: 2 extra bytes at beginning or within zipfile
(attempting to process anyway)
photos.jpg.exe
$ ruby-1.8 -Irubyzip -rzip/zip -e ‘Zip::ZipFile.foreach(ARGV[0]){|n|p n.name}’ photos.zip
./rubyzip/zip/zip.rb:717:in dup': can't dup NilClass (TypeError) from ./rubyzip/zip/zip.rb:717:in
dup’
from ./rubyzip/zip/zip.rb:717:in map' from ./rubyzip/zip/zip.rb:717:in
dup’
from ./rubyzip/zip/zip.rb:874:in initialize' from ./rubyzip/zip/zip.rb:878:in
new’
from ./rubyzip/zip/zip.rb:878:in open' from ./rubyzip/zip/zip.rb:893:in
foreach’
from -e:1
And ::VERSION constant has been obsolete already and is no
longer provided in 1.9.
$ ruby-1.9 -Irubyzip -rzip/zip -e 0
./rubyzip/zip/zip.rb:20: uninitialized constant Zip::VERSION (NameError)
Also, only zip/ioextras.rb has CR+LF line codes.
diff -ru2pw zip/ioextras.rb zip.new/ioextras.rb
— zip/ioextras.rb 2004-03-17 02:20:27.000000000 +0900
+++ zip.new/ioextras.rb 2004-03-27 17:55:10.000000000 +0900
@@ -1,5 +1,2 @@
-#!/usr/bin/env ruby
···
module IOExtras
module FakeIO
diff -ru2pw zip/stdrubyext.rb zip.new/stdrubyext.rb
— zip/stdrubyext.rb 2004-01-31 00:07:56.000000000 +0900
+++ zip.new/stdrubyext.rb 2004-03-27 17:53:24.000000000 +0900
@@ -1,3 +1,3 @@
-unless Enumerable.instance_methods(true).include?(“inject”)
+unless Enumerable.method_defined?(:inject)
module Enumerable #:nodoc:all
def inject(n = 0)
@@ -16,5 +16,5 @@ module Enumerable #:nodoc:all
end
-unless Object.instance_methods(true).include?(“object_id”)
+unless Object.method_defined?(:object_id)
class Object
# Using object_id which is the new thing, so we need
@@ -35,10 +35,9 @@ end
class String
def starts_with(aString)
- slice(0, aString.size) == aString
- rindex(aString.size, 0)
end
def ends_with(aString)
- aStringSize = aString.size
- slice(-aStringSize, aStringSize) == aString
- index(aString, -aString.size)
end
diff -ru2pw zip/zip.rb zip.new/zip.rb
— zip/zip.rb 2004-03-26 00:34:43.000000000 +0900
+++ zip.new/zip.rb 2004-03-27 17:54:47.000000000 +0900
@@ -1,7 +1,5 @@
-#!/usr/bin/env ruby
require 'delegate’
require ‘singleton’
-require ‘zip/tempfile_bugfixed’
+require 'tempfile’
require 'ftools’
require ‘zlib’
@@ -10,4 +8,9 @@ require ‘zip/ioextras’
+if Tempfile.superclass == SimpleDelegator
- require ‘zip/tempfile_bugfixed’
- Tempfile = BugFix::Tempfile
+end
module Zlib
if ! const_defined? :MAX_WBITS
@@ -18,5 +21,5 @@ end
module Zip
- RUBY_MINOR_VERSION = VERSION.split(".")[1].to_i
-
RUBY_MINOR_VERSION = RUBY_VERSION.split(".")[1].to_i
Ruby 1.7.x compatibility
@@ -365,5 +368,5 @@ module Zip
end
- CENTRAL_DIRECTORY_ENTRY_SIGNATURE = 0x02014b50
- CENTRAL_DIRECTORY_ENTRY_SIGNATURE = “PK\1\2”.freeze
CDIR_ENTRY_STATIC_HEADER_LENGTH = 46
@@ -374,4 +377,12 @@ module Zip
end
-
unless cdirSignature = staticSizedFieldsBuf.index(CENTRAL_DIRECTORY_ENTRY_SIGNATURE)
- raise ZipError, “Zip local header magic not found at location ‘#{localHeaderOffset}’”
-
end
-
if cdirSignature > 0
-
staticSizedFieldsBuf[0, cdirSignature] = ""
-
staticSizedFieldsBuf << io.read(cdirSignature)
-
end
-
@version , # version of encoding softwarecdirSignature ,
@@ -396,7 +407,4 @@ module Zip
@comment = staticSizedFieldsBuf.unpack(‘VCCvvvvvVVVvvvvvVV’)
-
unless (cdirSignature == CENTRAL_DIRECTORY_ENTRY_SIGNATURE)
- raise ZipError, “Zip local header magic not found at location ‘#{localHeaderOffset}’”
-
end set_time(lastModDate, lastModTime)
@@ -1069,5 +1077,5 @@ module Zip
def get_tempfile
-
tempFile = BugFix::Tempfile.new(File.basename(name), File.dirname(name))
-
tempFile = Tempfile.new(File.basename(name), File.dirname(name)) tempFile.binmode tempFile
@@ -1119,5 +1127,5 @@ module Zip
def initialize(entry)
super(entry)
-
@tempFile = BugFix::Tempfile.new(File.basename(name), File.dirname(zipfile))
-
end@tempFile = Tempfile.new(File.basename(name), File.dirname(zipfile)) @tempFile.binmode
diff -ru2pw zip/zipfilesystem.rb zip.new/zipfilesystem.rb
— zip/zipfilesystem.rb 2004-01-31 00:07:56.000000000 +0900
+++ zip.new/zipfilesystem.rb 2004-03-27 17:54:39.000000000 +0900
@@ -1,4 +1,2 @@
-#!/usr/bin/env ruby
require ‘zip/zip’
diff -ru2pw zip/ziprequire.rb zip.new/ziprequire.rb
— zip/ziprequire.rb 2003-08-21 22:54:33.000000000 +0900
+++ zip.new/ziprequire.rb 2004-03-27 17:54:30.000000000 +0900
@@ -1,4 +1,2 @@
-#!/usr/bin/env ruby
require ‘zip/zip’
–
Nobu Nakada