linuxdcpp-team team mailing list archive

Thread
Date

[Branch ~dcplusplus-team/dcplusplus/trunk] Rev 3284: fiddle with ZIP restrictions

To: LinuxDC++ Team <linuxdcpp-team@xxxxxxxxxxxxxxxxxxx>
From: noreply@xxxxxxxxxxxxx
Date: Thu, 02 May 2013 21:53:17 -0000
Reply-to: noreply@xxxxxxxxxxxxx
Sender: bounces@xxxxxxxxxxxxx

------------------------------------------------------------
revno: 3284
committer: poy <poy@xxxxxxxxxx>
branch nick: trunk
timestamp: Thu 2013-05-02 23:52:03 +0200
message:
  fiddle with ZIP restrictions
modified:
  Plugin format (dcext).txt
  dcpp/Archive.cpp


--
lp:dcplusplus
https://code.launchpad.net/~dcplusplus-team/dcplusplus/trunk

Your team Dcplusplus-team is subscribed to branch lp:dcplusplus.
To unsubscribe from this branch go to https://code.launchpad.net/~dcplusplus-team/dcplusplus/trunk/+edit-subscription

=== modified file 'Plugin format (dcext).txt'
--- Plugin format (dcext).txt	2013-05-02 19:58:57 +0000
+++ Plugin format (dcext).txt	2013-05-02 21:52:03 +0000
@@ -15,13 +15,13 @@
 Shared extensions are fine for testing but impractical to distribute and to have users install.
 Therefore, a DC plugin is preferably packaged as a .dcext file.
 
-A .dcext file is a ZIP archive, as defined by PKWARE's APPNOTE, either uncompressed or compressed
-with DEFLATE, with the following restrictions:
+A .dcext file is a ZIP archive, as defined by PKWARE's APPNOTE, either uncompressed (method 0) or
+compressed with DEFLATE (method 8), with the following restrictions:
 - No encryption.
 - No streaming / splitting / spanning.
-- No extension / extra fields.
 - No manifest file.
 - No character outside of the ASCII range in file names.
+- Extensions / extra fields and comments are allowed but shall be ignored.
 
 That archive must contain an XML file named "info.xml" at its root, whose contents shall validate
 against the schemas/dcext.xsd schema.

=== modified file 'dcpp/Archive.cpp'
--- dcpp/Archive.cpp	2013-05-02 19:58:57 +0000
+++ dcpp/Archive.cpp	2013-05-02 21:52:03 +0000
@@ -48,8 +48,14 @@
 	if(check(unzGoToFirstFile(file)) != UNZ_OK) { return; }
 
 	do {
+		unz_file_info info;
 		char pathBuf[MAX_PATH];
-		if(check(unzGetCurrentFileInfo(file, nullptr, pathBuf, MAX_PATH, nullptr, 0, nullptr, 0)) != UNZ_OK) { continue; }
+		if(check(unzGetCurrentFileInfo(file, &info, pathBuf, MAX_PATH, nullptr, 0, nullptr, 0)) != UNZ_OK) { continue; }
+
+		if(info.compression_method != 0 /* uncompressed */ && info.compression_method != 8 /* DEFLATE */) {
+			throw Exception(_("Invalid archive"));
+		}
+
 		if(check(unzOpenCurrentFile(file)) != UNZ_OK) { continue; }
 
 		string path_out(pathBuf);