Issue 26319: Check recData size before unpack in zipfile (original) (raw)

Encountered on version: 2.7.3 Exception message: "error: unpack requires a string argument of length 22"

Stack trace: ... elif zipfile.is_zipfile(_file):> File "/usr/lib/python2.7/zipfile.py", line 152, in is_zipfile> result = _check_zipfile(fp)> File "/usr/lib/python2.7/zipfile.py", line 135, in _check_zipfile> if _EndRecData(fp):> File "/usr/lib/python2.7/zipfile.py", line 238, in _EndRecData> endrec = list(struct.unpack(structEndArchive, recData))>

Check the size of recData before unpacking. ... 237: recData = data[start:start+sizeEndCentDir] 238: endrec = list(struct.unpack(structEndArchive, recData))

The bug was not noticing the length mismatch caused by a corrupt zip file. It is already fixed. The last link in your message opens https://hg.python.org/cpython/file/2.7/Lib/zipfile.py#l238. A few lines further, the code now has an added guard.

    recData = data[start:start+sizeEndCentDir]
    if len(recData) != sizeEndCentDir:
        # Zip file is corrupted.
        return None
    endrec = list(struct.unpack(structEndArchive, recData))

When reporting a bug, please test on the currect release (ie, 2.7.11). If this is not possible, and you have the specific traceback as here, one could look at the current code online. Go to hg.python.org/cpython, select version in the sidebar, select 'Browse' in the sidebar, and then, in this case, /Lib and zipfile.py.