poco icon indicating copy to clipboard operation
poco copied to clipboard
verified publisher icon pocoproject

[regression] Poco::Zip::ZipArchive does not detect actual incorrect local file headers

Open townsend2010 opened this issue 4 years ago • 3 comments

I'm working on an application that uses Poco to unzip an archive. In testing my code to ensure I catch exceptions thrown from Poco::Zip::ZipArchive, I'm deliberately hacking a zip file to change the local file header signature to be something else and using that to unzip. However, in ZipArchive::parse(), this is not detected and just skipped as part of the ZipUtil::sync() call that was introduced in 19b168516c.

townsend2010 avatar Apr 26 '21 14:04 townsend2010

As further proof that 19b168516ce6 caused this regression, if I remove https://github.com/pocoproject/poco/blob/3fc3e5f5b8462f7666952b43381383a79b8b5d92/Zip/src/ZipArchive.cpp#L110, then I do get the exception if I "corrupt" the header signature.

townsend2010 avatar Apr 26 '21 14:04 townsend2010

This issue is stale because it has been open for 365 days with no activity.

github-actions[bot] avatar Jun 16 '22 03:06 github-actions[bot]

This issue was closed because it has been inactive for 60 days since being marked as stale.

github-actions[bot] avatar Aug 15 '22 03:08 github-actions[bot]

This issue was closed because it has been inactive for 60 days since being marked as stale.

github-actions[bot] avatar Oct 15 '22 03:10 github-actions[bot]