aboutsummaryrefslogtreecommitdiff
path: root/src/archive/zip/reader.go
AgeCommit message (Collapse)Author
2021-05-28[release-branch.go1.15] archive/zip: only preallocate File slice if ↵Roland Shoemaker
reasonably sized Since the number of files in the EOCD record isn't validated, it isn't safe to preallocate Reader.Files using that field. A malformed archive can indicate it contains up to 1 << 128 - 1 files. We can still safely preallocate the slice by checking if the specified number of files in the archive is reasonable, given the size of the archive. Thanks to the OSS-Fuzz project for discovering this issue and to Emmanuel Odeke for reporting it. Updates #46242 Fixes #46396 Fixes CVE-2021-33196 Change-Id: I3c76d8eec178468b380d87fdb4a3f2cb06f0ee76 Reviewed-on: https://go-review.googlesource.com/c/go/+/318909 Trust: Roland Shoemaker <roland@golang.org> Trust: Katie Hockman <katie@golang.org> Trust: Joe Tsai <thebrokentoaster@gmail.com> Run-TryBot: Roland Shoemaker <roland@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Katie Hockman <katie@golang.org> Reviewed-by: Joe Tsai <thebrokentoaster@gmail.com> (cherry picked from commit 74242baa4136c7a9132a8ccd9881354442788c8c) Reviewed-on: https://go-review.googlesource.com/c/go/+/322949 Reviewed-by: Filippo Valsorda <filippo@golang.org>
2019-08-27archive/zip: remove unused special caseAndrew Gerrand
This removes a special case that was added to fix issue #10956, but that was never actually effective. The code in the test case still fails to read, so perhaps the zip64 support added in CL 6463050 inadvertently caught this particular case. It's possible that the original theorized bug still exists, but I'm not convinced it was ever fixed. Update #28700 Change-Id: I4854de616364510f64a6def30b308686563f8dbb Reviewed-on: https://go-review.googlesource.com/c/go/+/179757 Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2018-08-21archive/zip: return error from NewReader when negative size is passedJeet Parekh
Fixes #26589 Change-Id: I180883a13cec229093654004b42c48d76ee20272 GitHub-Last-Rev: 2d9879de43fbcfb413116d69accdade6bc042c97 GitHub-Pull-Request: golang/go#26667 Reviewed-on: https://go-review.googlesource.com/126617 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Run-TryBot: Joe Tsai <thebrokentoaster@gmail.com> TryBot-Result: Gobot Gobot <gobot@golang.org>
2018-02-23archive/zip: fix handling of Info-ZIP Unix extended timestampsJoe Tsai
The Info-ZIP Unix1 extra field is specified as such: >>> Value Size Description ----- ---- ----------- 0x5855 Short tag for this extra block type ("UX") TSize Short total data size for this block AcTime Long time of last access (GMT/UTC) ModTime Long time of last modification (GMT/UTC) <<< The previous handling was incorrect in that it read the AcTime field instead of the ModTime field. The test-osx.zip test unfortunately locked in the wrong behavior. Manually parsing that ZIP file shows that the encoded MS-DOS date and time are 0x4b5f and 0xa97d, which corresponds with a date of 2017-10-31 21:11:58, which matches the correct mod time (off by 1 second due to MS-DOS timestamp resolution). Fixes #23901 Change-Id: I567824c66e8316b9acd103dbecde366874a4b7ef Reviewed-on: https://go-review.googlesource.com/96895 Run-TryBot: Joe Tsai <joetsai@google.com> Reviewed-by: Ian Lance Taylor <iant@golang.org>
2017-11-10archive/zip: use Time.UTC instead of Time.In(time.UTC)Joe Tsai
The former is more succinct and readable. Change-Id: Ic249d1261a705ad715aeb611c70c7fa91db98254 Reviewed-on: https://go-review.googlesource.com/76830 Run-TryBot: Joe Tsai <thebrokentoaster@gmail.com> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
2017-11-06archive/zip: add FileHeader.NonUTF8 fieldJoe Tsai
The NonUTF8 field provides users with a way to explictly tell the ZIP writer to avoid setting the UTF-8 flag. This is necessary because many readers: 1) (Still) do not support UTF-8 2) And use the local system encoding instead Thus, even though character encodings other than CP-437 and UTF-8 are not officially supported by the ZIP specification, pragmatically the world has permitted use of them. When a non-standard encoding is used, it is the user's responsibility to ensure that the target system is expecting the encoding used (e.g., producing a ZIP file you know is used on a Chinese version of Windows). We adjust the detectUTF8 function to account for Shift-JIS and EUC-KR not being identical to ASCII for two characters. We don't need an API for users to explicitly specify that they are encoding with UTF-8 since all single byte characters are compatible with all other common encodings (Windows-1256, Windows-1252, Windows-1251, Windows-1250, IEC-8859, EUC-KR, KOI8-R, Latin-1, Shift-JIS, GB-2312, GBK) except for the non-printable characters and the backslash character (all of which are invalid characters in a path name anyways). Fixes #10741 Change-Id: I9004542d1d522c9137973f1b6e2b623fa54dfd66 Reviewed-on: https://go-review.googlesource.com/75592 Run-TryBot: Joe Tsai <thebrokentoaster@gmail.com> Reviewed-by: Ian Lance Taylor <iant@golang.org>
2017-11-06archive/zip: add FileHeader.Modified fieldJoe Tsai
The ModifiedTime and ModifiedDate fields are not expressive enough for many of the time extensions that have since been added to ZIP, nor are they easy to access since they in a legacy MS-DOS format, and must be set and retrieved via the SetModTime and ModTime methods. Instead, we add new field Modified of time.Time type that contains all of the previous information and more. Support for extended timestamps have been attempted before, but the change was reverted because it provided no ability for the user to specify the timezone of the legacy MS-DOS fields. Technically the old API did not either, but users were manually offsetting the timestamp to achieve the same effect. The Writer now writes the legacy timestamps according to the timezone of the FileHeader.Modified field. When the Modified field is set via the SetModTime method, it is in UTC, which preserves the old behavior. The Reader attempts to determine the timezone if both the legacy and extended timestamps are present since it can compute the delta between the two values. Since Modified is a superset of the information in ModifiedTime and ModifiedDate, we mark ModifiedTime, ModifiedDate, ModTime, and SetModTime as deprecated. Fixes #18359 Change-Id: I29c6bc0a62908095d02740df3e6902f50d3152f1 Reviewed-on: https://go-review.googlesource.com/74970 Run-TryBot: Joe Tsai <thebrokentoaster@gmail.com> Reviewed-by: Ian Lance Taylor <iant@golang.org>
2017-09-15all: fix article typosKunpei Sakai
a -> an Change-Id: I7362bdc199e83073a712be657f5d9ba16df3077e Reviewed-on: https://go-review.googlesource.com/63850 Reviewed-by: Rob Pike <r@golang.org>
2016-12-20Revert: "archive/zip: handle mtime in NTFS/UNIX/ExtendedTS extra fields"Joe Tsai
This change reverts the following CLs: CL/18274: handle mtime in NTFS/UNIX/ExtendedTS extra fields CL/30811: only use Extended Timestamp on non-zero MS-DOS timestamps We are reverting support for extended timestamps since the support was not not complete. CL/18274 added full support for reading extended timestamp fields and minimal support for writing them. CL/18274 is incomplete because it made no changes to the FileHeader struct, so timezone information was lost when reading and/or writing. While CL/18274 was a step in the right direction, we should provide full support for high precision timestamps in both the reader and writer. This will probably require that we add a new field of type time.Time. The complete fix is too involved to add in the time remaining for Go 1.8 and will be completed in Go 1.9. Updates #10242 Updates #17403 Updates #18359 Fixes #18378 Change-Id: Icf6d028047f69379f7979a29bfcb319a02f4783e Reviewed-on: https://go-review.googlesource.com/34651 Run-TryBot: Joe Tsai <thebrokentoaster@gmail.com> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2016-10-06archive/zip: handle mtime in NTFS/UNIX/ExtendedTS extra fieldsYasuhiro Matsumoto
Handle NTFS timestamp, UNIX timestamp, Extended extra timestamp. Writer supports only Extended extra timestamp field, matching most zip creators. Fixes #10242. Change-Id: Id665db274e63def98659231391fb77392267ac1e Reviewed-on: https://go-review.googlesource.com/18274 Run-TryBot: Russ Cox <rsc@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Russ Cox <rsc@golang.org>
2016-04-13all: use new io.SeekFoo constants instead of os.SEEK_FOOBrad Fitzpatrick
Automated change. Fixes #15269 Change-Id: I8deb2ac0101d3f7c390467ceb0a1561b72edbb2f Reviewed-on: https://go-review.googlesource.com/21962 Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> Reviewed-by: Andrew Gerrand <adg@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
2016-02-29all: remove public named return values when uselessBrad Fitzpatrick
Named returned values should only be used on public funcs and methods when it contributes to the documentation. Named return values should not be used if they're only saving the programmer a few lines of code inside the body of the function, especially if that means there's stutter in the documentation or it was only there so the programmer could use a naked return statement. (Naked returns should not be used except in very small functions) This change is a manual audit & cleanup of public func signatures. Signatures were not changed if: * the func was private (wouldn't be in public godoc) * the documentation referenced it * the named return value was an interesting name. (i.e. it wasn't simply stutter, repeating the name of the type) There should be no changes in behavior. (At least: none intended) Change-Id: I3472ef49619678fe786e5e0994bdf2d9de76d109 Reviewed-on: https://go-review.googlesource.com/20024 Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Andrew Gerrand <adg@golang.org>
2016-02-02archive/zip: handle pre-zip64 zip files containing 2³²-1-byte contentRuss Cox
This corrects a regression from Go 1.5 introduced by CL 18317. Fixes #14185. Change-Id: Ic3215714846d9f28809cd04e3eb3664b599244f4 Reviewed-on: https://go-review.googlesource.com/19151 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2016-01-27archive/zip: clarify expectations of RegisterCompressor and RegisterDecompressorJoe Tsai
Clarify that Compressor and Decompressor callbacks must support being invoked concurrently, but that the writer or reader returned need not be. Updates #8359 Change-Id: Ia407b581dd124185f165c25f5701018a8ce4357a Reviewed-on: https://go-review.googlesource.com/18627 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
2016-01-07archive/zip: fix reading, writing of zip64 archivesRuss Cox
Read zip files that contain only 64-bit header offset, not 64-bit sizes. Fixes #13367. Read zip files that contain completely unexpected Extra fields, provided we do not need to find 64-bit size or header offset information there. Fixes #13166. Write zip file entries with 0xFFFFFFFF uncompressed data bytes correctly (must use zip64 header, since that's the magic indicator). Fixes new TestZip64EdgeCase. (Noticed while working on the CL.) Change-Id: I84a22b3995fafab8052b99de8094a9f35a25de5b Reviewed-on: https://go-review.googlesource.com/18317 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2015-12-01archive/zip: enable overriding (de)compressors per fileColin Cross
Implement setting the compression level for a zip archive by registering a per-Writer compressor through Writer.RegisterCompressor. If no compressors are registered, fall back to the ones registered at the package level. Also implements per-Reader decompressors. Fixes #8359 Change-Id: I93b27c81947b0f817b42e0067aa610ff267fdb21 Reviewed-on: https://go-review.googlesource.com/16669 Reviewed-by: Joe Tsai <joetsai@digital-static.net> Run-TryBot: Joe Tsai <joetsai@digital-static.net> Reviewed-by: Klaus Post <klauspost@gmail.com> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2015-09-11archive/zip: fixes unexpected EOF when reading archivealexander demakin
If comment of the archive contains data which looks like a zip64 directory, the comment is parsed as an actual directory header. Commit adds some additional checks similar to the checks in minizip library. Fixes #12449 Change-Id: Ia0fc950e47b9c39f77d88401b9ca30100ca7c808 Reviewed-on: https://go-review.googlesource.com/14433 Run-TryBot: Andrew Gerrand <adg@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Andrew Gerrand <adg@golang.org>
2015-06-14archive/zip: fix returned error on truncated data descriptorMichael Gehring
Return io.ErrUnexpectedEOF instead of io.EOF when reading a truncated data descriptor. Fixes #11146. Change-Id: Ia1905955165fd38af3c557d1fa1703ed8be893e2 Reviewed-on: https://go-review.googlesource.com/11070 Reviewed-by: Andrew Gerrand <adg@golang.org>
2015-05-27archive/zip: sanity check the TOC's declared number of filesBrad Fitzpatrick
Fixes #10956 Change-Id: If8517094f04250c4f722e1e899a237eb6e170eb9 Reviewed-on: https://go-review.googlesource.com/10421 Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> Reviewed-by: Andrew Gerrand <adg@golang.org>
2015-05-26archive/zip: verify number of File bytes read at EOFBrad Fitzpatrick
Fixes #10957 Change-Id: I75fe25133dfcebd1682a8058b1c354ec894cc997 Reviewed-on: https://go-review.googlesource.com/10384 Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> Reviewed-by: Andrew Gerrand <adg@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
2014-09-08build: move package sources from src/pkg to srcRuss Cox
Preparation was in CL 134570043. This CL contains only the effect of 'hg mv src/pkg/* src'. For more about the move, see golang.org/s/go14nopkg.