From fbe2d30ee135b5f63f48b68f03fa9e9f970915c0 Mon Sep 17 00:00:00 2001 From: Pat Thoyts Date: Wed, 21 Jan 2009 23:39:12 +0000 Subject: [PATCH] [Bug 2256740] handle nested zip files robustly by ensuring we seek to the outermost directory marker. --- ChangeLog | 7 +++++++ library/zipvfs.tcl | 10 ++++++++-- pkgIndex.tcl.in | 2 +- 3 files changed, 16 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 3bbf1c4..8bfb418 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +2009-01-21 Andreas Kupries + + * pkgIndex.tcl.in: Incremented version of vfs::zip + * library/zipvfs.tcl (zip::EndOfArchive): Fixed Schelte Bron's + [Bug 2256740]. Trigger on outermost magic sequence, not an inner + sequence from a n uncompressed zip archive stored in the zip. + 2008-12-22 Pat Thoyts * library/mk4vfs.tcl: Fix vfs::ztream to support 8.6 core zlib diff --git a/library/zipvfs.tcl b/library/zipvfs.tcl index 669bf44..14c3ab6 100644 --- a/library/zipvfs.tcl +++ b/library/zipvfs.tcl @@ -1,6 +1,6 @@ # Removed provision of the backward compatible name. Moved to separate # file/package. -package provide vfs::zip 1.0.2 +package provide vfs::zip 1.0.3 package require vfs @@ -380,7 +380,13 @@ proc zip::EndOfArchive {fd arr} { seek $fd $n end set hdr [read $fd $len] - set pos [string first "PK\05\06" $hdr] + + # We are using 'string last' as we are searching the first + # from the end, which is the last from the beginning. See [SF + # Bug 2256740]. A zip archive stored in a zip archive can + # confuse the unmodified code, triggering on the magic + # sequence for the inner, uncompressed archive. + set pos [string last "PK\05\06" $hdr] if {$pos == -1} { if {$at >= $sz} { return -code error "no header found" diff --git a/pkgIndex.tcl.in b/pkgIndex.tcl.in index cf7c4d3..39f6a87 100644 --- a/pkgIndex.tcl.in +++ b/pkgIndex.tcl.in @@ -35,7 +35,7 @@ package ifneeded vfslib 1.4 [list source [file join $dir vfslib.tcl]] # New, for the old, keep version numbers synchronized. package ifneeded vfs::mk4 1.10.1 [list source [file join $dir mk4vfs.tcl]] -package ifneeded vfs::zip 1.0.2 [list source [file join $dir zipvfs.tcl]] +package ifneeded vfs::zip 1.0.3 [list source [file join $dir zipvfs.tcl]] # New package ifneeded vfs::ftp 1.0 [list source [file join $dir ftpvfs.tcl]] -- 2.23.0