Improve handling of malformed zip files #119

Closed
jaraco opened this issue May 31, 2024 · 0 comments · Fixed by #120
jaraco commented May 31, 2024

Currently, Path has no special handling for zip files with illegal and malformed names. The handling for such paths in zipfile.ZipFile is only handled during extraction, but is relevant for traversal and inspection, and the lack of such handling can create unexpected behaviors such as infinite loops.

As reported at huntr.com.
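
For code that has to inspect untrusted archives on a version without the fix, member names can be audited before any `zipfile.Path` traversal. The following is an added example, not code from zipp or CPython; the helper names (`name_problems`, `audit_archive`, `safe_listing`, `build_zip`) and the rule set are assumptions for illustration, and the sample archives are constructed in memory.

```python
import io
import zipfile


def name_problems(name):
    """Return the reasons a zip member name is malformed (empty list if clean)."""
    problems = []
    if "\\" in name:
        problems.append("backslash separator")
    if name.startswith("/"):
        problems.append("absolute path")
    # Drop one leading slash (already reported) and the single trailing
    # slash that marks a directory entry, then check each segment.
    body = name[1:] if name.startswith("/") else name
    body = body[:-1] if body.endswith("/") else body
    parts = body.split("/")
    if "" in parts:
        problems.append("empty path segment")
    if ".." in parts or "." in parts:
        problems.append("relative segment")
    return problems


def audit_archive(data):
    """Map each malformed member name in the archive bytes to its problems."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {n: p for n in zf.namelist() if (p := name_problems(n))}


def _walk(path):
    for child in path.iterdir():
        if child.is_dir():
            yield from _walk(child)
        else:
            yield child.at


def safe_listing(data):
    """List files via zipfile.Path, refusing archives with malformed names."""
    bad = audit_archive(data)
    if bad:
        raise ValueError(f"malformed member names: {sorted(bad)}")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return sorted(_walk(zipfile.Path(zf)))


def build_zip(names):
    """Constructed sample input: an in-memory archive with the given names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"x")
    return buf.getvalue()
```

The audit reads names through `ZipFile.namelist()` only, so the traversal code in `Path` is never reached for an archive that fails the check.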

jaraco added a commit to jaraco/cpython that referenced this issue Aug 11, 2024
jaraco added a commit to python/cpython that referenced this issue Aug 11, 2024
miss-islington pushed a commit to miss-islington/cpython that referenced this issue Aug 11, 2024
Ported from zipp 3.19.1; ref jaraco/zippGH-119.
(cherry picked from commit 9cd0326)

Co-authored-by: Jason R. Coombs <[email protected]>
miss-islington pushed a commit to miss-islington/cpython that referenced this issue Aug 11, 2024
Ported from zipp 3.19.1; ref jaraco/zippGH-119.
(cherry picked from commit 9cd0326)

Co-authored-by: Jason R. Coombs <[email protected]>
jaraco added a commit to jaraco/cpython that referenced this issue Aug 12, 2024
Ported from zipp 3.19.1; ref jaraco/zipp#119.

(cherry picked from commit 9cd0326)
jaraco added a commit to jaraco/cpython that referenced this issue Aug 12, 2024
)

Ported from zipp 3.19.1; ref jaraco/zippGH-119.
(cherry picked from commit 9cd0326)

Co-authored-by: Jason R. Coombs <[email protected]>
pablogsal pushed a commit to python/cpython that referenced this issue Aug 19, 2024
* gh-122905: Sanitize names in zipfile.Path. (#122906)

Ported from zipp 3.19.1; ref jaraco/zipp#119.

(cherry picked from commit 9cd0326)

* [3.11] gh-122905: Sanitize names in zipfile.Path. (GH-122906)

Ported from zipp 3.19.1; ref jaraco/zippGH-119.
(cherry picked from commit 9cd0326)

Co-authored-by: Jason R. Coombs <[email protected]>
jaraco added a commit to jaraco/cpython that referenced this issue Aug 19, 2024
…nGH-122906) (pythonGH-122925)

* pythongh-122905: Sanitize names in zipfile.Path. (pythonGH-122906)

Ported from zipp 3.19.1; ref jaraco/zippGH-119.

(cherry picked from commit 9cd0326)

* [3.11] pythongh-122905: Sanitize names in zipfile.Path. (pythonGH-122906)

Ported from zipp 3.19.1; ref jaraco/zippGH-119.
(cherry picked from commit 9cd0326)

(cherry picked from commit 795f259)

Co-authored-by: Jason R. Coombs <[email protected]>
jaraco added a commit to jaraco/cpython that referenced this issue Aug 19, 2024
…GH-122906) (pythonGH-122925)

* pythongh-122905: Sanitize names in zipfile.Path. (pythonGH-122906)

Ported from zipp 3.19.1; ref jaraco/zippGH-119.

(cherry picked from commit 9cd0326)

* [3.11] pythongh-122905: Sanitize names in zipfile.Path. (pythonGH-122906)

Ported from zipp 3.19.1; ref jaraco/zippGH-119.
(cherry picked from commit 9cd0326)

(cherry picked from commit 795f259)

Co-authored-by: Jason R. Coombs <[email protected]>
blhsing pushed a commit to blhsing/cpython that referenced this issue Aug 22, 2024
pablogsal pushed a commit to python/cpython that referenced this issue Aug 22, 2024
[3.10] [3.11] gh-122905: Sanitize names in zipfile.Path. (GH-122906) (GH-122925)

* gh-122905: Sanitize names in zipfile.Path. (GH-122906)

Ported from zipp 3.19.1; ref jaraco/zippGH-119.

(cherry picked from commit 9cd0326)

* [3.11] gh-122905: Sanitize names in zipfile.Path. (GH-122906)

Ported from zipp 3.19.1; ref jaraco/zippGH-119.
(cherry picked from commit 9cd0326)

(cherry picked from commit 795f259)
jaraco added a commit that referenced this issue Aug 26, 2024
jaraco added a commit that referenced this issue Aug 26, 2024
jaraco added a commit that referenced this issue Aug 26, 2024
eclipse-oniro-oh-bot pushed a commit to eclipse-oniro-mirrors/third_party_python that referenced this issue Aug 30, 2024
…(GH-122925)

* gh-122905: Sanitize names in zipfile.Path. (GH-122906)

Ported from zipp 3.19.1; ref jaraco/zippGH-119.

(cherry picked from commit 9cd03263100ddb1657826cc4a71470786cab3932)

* [3.11] gh-122905: Sanitize names in zipfile.Path. (GH-122906)

Ported from zipp 3.19.1; ref jaraco/zippGH-119.
(cherry picked from commit 9cd03263100ddb1657826cc4a71470786cab3932)

(cherry picked from commit 795f2597a4be988e2bb19b69ff9958e981cb894e)

Co-authored-by: Jason R. Coombs <[email protected]>

Signed-off-by: luming <[email protected]>
eclipse-oniro-oh-bot pushed a commit to eclipse-oniro-mirrors/third_party_python that referenced this issue Oct 4, 2024
…(GH-122925)

* gh-122905: Sanitize names in zipfile.Path. (GH-122906)

Ported from zipp 3.19.1; ref jaraco/zippGH-119.

(cherry picked from commit 9cd03263100ddb1657826cc4a71470786cab3932)

* [3.11] gh-122905: Sanitize names in zipfile.Path. (GH-122906)

Ported from zipp 3.19.1; ref jaraco/zippGH-119.
(cherry picked from commit 9cd03263100ddb1657826cc4a71470786cab3932)

(cherry picked from commit 795f2597a4be988e2bb19b69ff9958e981cb894e)

Co-authored-by: Jason R. Coombs <[email protected]>
Signed-off-by: luming <[email protected]>
eclipse-oniro-oh-bot pushed a commit to eclipse-oniro-mirrors/third_party_python that referenced this issue Oct 4, 2024
…(GH-122925)

* gh-122905: Sanitize names in zipfile.Path. (GH-122906)

Ported from zipp 3.19.1; ref jaraco/zippGH-119.

(cherry picked from commit 9cd03263100ddb1657826cc4a71470786cab3932)

* [3.11] gh-122905: Sanitize names in zipfile.Path. (GH-122906)

Ported from zipp 3.19.1; ref jaraco/zippGH-119.
(cherry picked from commit 9cd03263100ddb1657826cc4a71470786cab3932)

(cherry picked from commit 795f2597a4be988e2bb19b69ff9958e981cb894e)

Co-authored-by: Jason R. Coombs <[email protected]>
Signed-off-by: luming <[email protected]>