[PATCH] rubyzip on extra bytes

Hi,

I found rubyzip 0.5.4 fails on a zip file with extra
bytes, e.g., some virus attachments. Yes, it would be an
incorrect file, but who can expect correct behaviors from virus
kiddies?

$ zipinfo -1 textfile.zip
textfile.htm.exe

$ ruby-1.8 -Irubyzip -rzip/zip -e 'Zip::ZipFile.foreach(ARGV[0]){|n|p n.name}' textfile.zip
"textfile.htm.exe"

$ zipinfo -1 photos.zip
warning [photos.zip]: 2 extra bytes at beginning or within zipfile
(attempting to process anyway)
photos.jpg.exe

$ ruby-1.8 -Irubyzip -rzip/zip -e 'Zip::ZipFile.foreach(ARGV[0]){|n|p n.name}' photos.zip
./rubyzip/zip/zip.rb:717:in `dup': can't dup NilClass (TypeError)
        from ./rubyzip/zip/zip.rb:717:in `dup'
        from ./rubyzip/zip/zip.rb:717:in `map'
        from ./rubyzip/zip/zip.rb:717:in `dup'
        from ./rubyzip/zip/zip.rb:874:in `initialize'
        from ./rubyzip/zip/zip.rb:878:in `new'
        from ./rubyzip/zip/zip.rb:878:in `open'
        from ./rubyzip/zip/zip.rb:893:in `foreach'
        from -e:1

And ::VERSION constant has been obsolete already and is no
longer provided in 1.9.

$ ruby-1.9 -Irubyzip -rzip/zip -e 0
./rubyzip/zip/zip.rb:20: uninitialized constant Zip::VERSION (NameError)

Also, only zip/ioextras.rb has CR+LF line codes.

diff -ru2pw zip/ioextras.rb zip.new/ioextras.rb
— zip/ioextras.rb 2004-03-17 02:20:27.000000000 +0900
+++ zip.new/ioextras.rb 2004-03-27 17:55:10.000000000 +0900
@@ -1,5 +1,2 @@
-#!/usr/bin/env ruby

···

module IOExtras
module FakeIO
diff -ru2pw zip/stdrubyext.rb zip.new/stdrubyext.rb
— zip/stdrubyext.rb 2004-01-31 00:07:56.000000000 +0900
+++ zip.new/stdrubyext.rb 2004-03-27 17:53:24.000000000 +0900
@@ -1,3 +1,3 @@
-unless Enumerable.instance_methods(true).include?(“inject”)
+unless Enumerable.method_defined?(:inject)
module Enumerable #:nodoc:all
def inject(n = 0)
@@ -16,5 +16,5 @@ module Enumerable #:nodoc:all
end

-unless Object.instance_methods(true).include?(“object_id”)
+unless Object.method_defined?(:object_id)
class Object
# Using object_id which is the new thing, so we need
@@ -35,10 +35,9 @@ end
class String
def starts_with(aString)

  • slice(0, aString.size) == aString
  • rindex(aString.size, 0)
    end

def ends_with(aString)

  • aStringSize = aString.size
  • slice(-aStringSize, aStringSize) == aString
  • index(aString, -aString.size)
    end
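
Review bot: In starts_with, the new body `rindex(aString.size, 0)` passes the length of the argument as the search pattern instead of aString itself, so it no longer tests for the prefix; `rindex(aString, 0)` looks like what was intended. Both rewritten methods also return an index or nil where the old `slice(...) == aString` forms returned true or false, so callers that store or compare the result will see a different value; ending the expressions with `== 0` and `!= nil` respectively would keep the boolean contract.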

diff -ru2pw zip/zip.rb zip.new/zip.rb
— zip/zip.rb 2004-03-26 00:34:43.000000000 +0900
+++ zip.new/zip.rb 2004-03-27 17:54:47.000000000 +0900
@@ -1,7 +1,5 @@
-#!/usr/bin/env ruby

require 'delegate’
require ‘singleton’
-require ‘zip/tempfile_bugfixed’
+require 'tempfile’
require 'ftools’
require ‘zlib’
@@ -10,4 +8,9 @@ require ‘zip/ioextras’

+if Tempfile.superclass == SimpleDelegator

  • require ‘zip/tempfile_bugfixed’
  • Tempfile = BugFix::Tempfile
    +end

module Zlib
if ! const_defined? :MAX_WBITS
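
Review bot: `Tempfile = BugFix::Tempfile` at the top level rebinds the global Tempfile constant for every library loaded in the same process, not only for rubyzip, and Ruby warns about reassigning an already initialized constant. A constant defined inside `module Zip` that points at whichever class should be used would keep the workaround local to this library. A one-line comment explaining why `Tempfile.superclass == SimpleDelegator` identifies the affected Tempfile would also help the next reader.
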
@@ -18,5 +21,5 @@ end
module Zip

  • RUBY_MINOR_VERSION = VERSION.split(".")[1].to_i
  • RUBY_MINOR_VERSION = RUBY_VERSION.split(".")[1].to_i

    Ruby 1.7.x compatibility

@@ -365,5 +368,5 @@ module Zip
end

  • CENTRAL_DIRECTORY_ENTRY_SIGNATURE = 0x02014b50
  • CENTRAL_DIRECTORY_ENTRY_SIGNATURE = “PK\1\2”.freeze
    CDIR_ENTRY_STATIC_HEADER_LENGTH = 46
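
Review bot: CENTRAL_DIRECTORY_ENTRY_SIGNATURE changes type here, from the Integer 0x02014b50 to the String "PK\1\2", so any remaining code that compares it with a value unpacked as 'V' will silently stop matching. Please check every other reference to the constant, not only the comparison this patch removes further down.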

@@ -374,4 +377,12 @@ module Zip
end

  •  unless cdirSignature = staticSizedFieldsBuf.index(CENTRAL_DIRECTORY_ENTRY_SIGNATURE)
    
  • raise ZipError, “Zip local header magic not found at location ‘#{localHeaderOffset}’”
  •  end
    
  •  if cdirSignature > 0
    
  •    staticSizedFieldsBuf[0, cdirSignature] = ""
    
  •    staticSizedFieldsBuf << io.read(cdirSignature)
    
  •  end
    
  •  cdirSignature          ,
    
    @version , # version of encoding software
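
Review bot: The result of `io.read(cdirSignature)` is appended without a check. At end of file `io.read` returns nil, which makes `<<` raise TypeError, and a short read leaves the buffer below CDIR_ENTRY_STATIC_HEADER_LENGTH so the unpack that follows yields nils; since this branch exists for malformed archives, verify the returned length and raise ZipError otherwise. The error text also still says "Zip local header magic not found" although the search is for CENTRAL_DIRECTORY_ENTRY_SIGNATURE, and `index` accepts a match at any position in the buffer, so it would be worth stating (and bounding) how many leading bytes are tolerated.
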
    @@ -396,7 +407,4 @@ module Zip
    @comment = staticSizedFieldsBuf.unpack(‘VCCvvvvvVVVvvvvvVV’)
  •  unless (cdirSignature == CENTRAL_DIRECTORY_ENTRY_SIGNATURE)
    
  • raise ZipError, “Zip local header magic not found at location ‘#{localHeaderOffset}’”
  •  end
     set_time(lastModDate, lastModTime)
    

@@ -1069,5 +1077,5 @@ module Zip

 def get_tempfile
  •  tempFile = BugFix::Tempfile.new(File.basename(name), File.dirname(name))
    
  •  tempFile = Tempfile.new(File.basename(name), File.dirname(name))
     tempFile.binmode
     tempFile
    

@@ -1119,5 +1127,5 @@ module Zip
def initialize(entry)
super(entry)

  •  @tempFile = BugFix::Tempfile.new(File.basename(name), File.dirname(zipfile))
    
  •  @tempFile = Tempfile.new(File.basename(name), File.dirname(zipfile))
     @tempFile.binmode
    
    end
    diff -ru2pw zip/zipfilesystem.rb zip.new/zipfilesystem.rb
    — zip/zipfilesystem.rb 2004-01-31 00:07:56.000000000 +0900
    +++ zip.new/zipfilesystem.rb 2004-03-27 17:54:39.000000000 +0900
    @@ -1,4 +1,2 @@
    -#!/usr/bin/env ruby

require ‘zip/zip’

diff -ru2pw zip/ziprequire.rb zip.new/ziprequire.rb
— zip/ziprequire.rb 2003-08-21 22:54:33.000000000 +0900
+++ zip.new/ziprequire.rb 2004-03-27 17:54:30.000000000 +0900
@@ -1,4 +1,2 @@
-#!/usr/bin/env ruby

require ‘zip/zip’


Nobu Nakada
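
Added example (not part of the original post or of rubyzip): the zipinfo warning above, "2 extra bytes at beginning or within zipfile", means the offsets recorded in the archive no longer match where the records actually sit. The Ruby code below measures that shift from the end-of-central-directory record of a constructed in-memory archive; `build_zip`, `find_eocd` and `extra_bytes` are names chosen here and the sample entry body is made up.

```ruby
require 'zlib'

EOCD_SIG = "PK\x05\x06".b  # end-of-central-directory record
CDIR_SIG = "PK\x01\x02".b  # central directory entry (the patch's "PK\1\2")

# Constructed sample: a one-entry, uncompressed (stored) archive built in memory.
def build_zip(name, body)
  crc = Zlib.crc32(body)
  size = body.bytesize
  local = ["PK\x03\x04".b, 20, 0, 0, 0, 0, crc, size, size,
           name.bytesize, 0].pack('a4vvvvvVVVvv') + name.b + body.b
  cdir = [CDIR_SIG, 20, 20, 0, 0, 0, 0, crc, size, size, name.bytesize,
          0, 0, 0, 0, 0, 0].pack('a4vvvvvvVVVvvvvvVV') + name.b
  eocd = [EOCD_SIG, 0, 0, 1, 1, cdir.bytesize, local.bytesize, 0].pack('a4vvvvVVv')
  local + cdir + eocd
end

# Offset of the last EOCD record whose comment length fits in the data, or nil.
def find_eocd(data)
  pos = data.rindex(EOCD_SIG)
  while pos
    comment_len = data.byteslice(pos + 20, 2).to_s.unpack1('v')
    return pos if comment_len && pos + 22 + comment_len <= data.bytesize
    pos = pos.zero? ? nil : data.rindex(EOCD_SIG, pos - 1)
  end
  nil
end

# Bytes by which the recorded central directory offset is off (0 for a clean
# archive), or nil when the data does not parse as a ZIP at all.
def extra_bytes(data)
  data = data.b
  eocd = find_eocd(data) or return nil
  cd_size, cd_offset = data.byteslice(eocd + 12, 8).unpack('VV')
  actual = eocd - cd_size  # where the central directory really starts
  return nil if actual < 0
  return nil unless cd_size.zero? || data.byteslice(actual, 4) == CDIR_SIG
  actual - cd_offset
end

clean = build_zip('photos.jpg.exe', 'constructed sample body')
prefixed = "\r\n".b + clean  # constructed: two stray bytes before the archive
puts "clean: #{extra_bytes(clean)}, prefixed: #{extra_bytes(prefixed)}"
```

A non-zero result is a cheap signal for a mail or upload filter that the file was padded or wrapped, which is also the case where different unpackers may disagree about its contents.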

Hi nobu,

Thank you very much. I’m happily accepting your patch!

Did you mean to send it to the news group and not my email account?

Cheers,

Thomas

Hi,

At Sat, 27 Mar 2004 19:44:25 +0900,
Thomas Sondergaard wrote in [ruby-talk:95949]:

> Did you mean to send it to the news group and not my email account?

Well, yes. Was it better to send it to you directly?

···


Nobu Nakada