Hi,

I found rubyzip 0.5.4 fails on a zip file with with extra
bytes, e.g., some virus attachments.  Yes, it would be an
incorrect file, but who can expect correct behaviors from virus
kiddies?

  $ zipinfo -1 textfile.zip
  textfile.htm.exe

  $ ruby-1.8 -Irubyzip -rzip/zip -e 'Zip::ZipFile.foreach(ARGV[0]){|n|p n.name}' textfile.zip
  "textfile.htm.exe"

  $ zipinfo -1 photos.zip
  warning [photos.zip]:  2 extra bytes at beginning or within zipfile
    (attempting to process anyway)
  photos.jpg.exe

  $ ruby-1.8 -Irubyzip -rzip/zip -e 'Zip::ZipFile.foreach(ARGV[0]){|n|p n.name}' photos.zip
  ./rubyzip/zip/zip.rb:717:in `dup': can't dup NilClass (TypeError)
  	from ./rubyzip/zip/zip.rb:717:in `dup'
  	from ./rubyzip/zip/zip.rb:717:in `map'
  	from ./rubyzip/zip/zip.rb:717:in `dup'
  	from ./rubyzip/zip/zip.rb:874:in `initialize'
  	from ./rubyzip/zip/zip.rb:878:in `new'
  	from ./rubyzip/zip/zip.rb:878:in `open'
  	from ./rubyzip/zip/zip.rb:893:in `foreach'
  	from -e:1

And ::VERSION constant has been obsolete already and is no
longer provided in 1.9.

  $ ruby-1.9 -Irubyzip -rzip/zip -e 0
  ./rubyzip/zip/zip.rb:20: uninitialized constant Zip::VERSION (NameError)

Also, only zip/ioextras.rb has CR+LF line codes.


diff -ru2pw zip/ioextras.rb zip.new/ioextras.rb --- zip/ioextras.rb 2004-03-17 02:20:27.000000000 +0900 +++ zip.new/ioextras.rb 2004-03-27 17:55:10.000000000 +0900 @@ -1,5 +1,2 @@ -#!/usr/bin/env ruby - - module IOExtras module FakeIO diff -ru2pw zip/stdrubyext.rb zip.new/stdrubyext.rb --- zip/stdrubyext.rb 2004-01-31 00:07:56.000000000 +0900 +++ zip.new/stdrubyext.rb 2004-03-27 17:53:24.000000000 +0900 @@ -1,3 +1,3 @@ -unless Enumerable.instance_methods(true).include?("inject") +unless Enumerable.method_defined?(:inject) module Enumerable #:nodoc:all def inject(n = 0) @@ -16,5 +16,5 @@ module Enumerable #:nodoc:all end -unless Object.instance_methods(true).include?("object_id") +unless Object.method_defined?(:object_id) class Object # Using object_id which is the new thing, so we need @@ -35,10 +35,9 @@ end class String def starts_with(aString) - slice(0, aString.size) == aString + rindex(aString.size, 0) end def ends_with(aString) - aStringSize = aString.size - slice(-aStringSize, aStringSize) == aString + index(aString, -aString.size) end diff -ru2pw zip/zip.rb zip.new/zip.rb --- zip/zip.rb 2004-03-26 00:34:43.000000000 +0900 +++ zip.new/zip.rb 2004-03-27 17:54:47.000000000 +0900 @@ -1,7 +1,5 @@ -#!/usr/bin/env ruby - require 'delegate' require 'singleton' -require 'zip/tempfile_bugfixed' +require 'tempfile' require 'ftools' require 'zlib' @@ -10,4 +8,9 @@ require 'zip/ioextras' +if Tempfile.superclass == SimpleDelegator + require 'zip/tempfile_bugfixed' + Tempfile = BugFix::Tempfile +end + module Zlib if ! const_defined? :MAX_WBITS @@ -18,5 +21,5 @@ end module Zip - RUBY_MINOR_VERSION = VERSION.split(".")[1].to_i + RUBY_MINOR_VERSION = RUBY_VERSION.split(".")[1].to_i # Ruby 1.7.x compatibility @@ -365,5 +368,5 @@ module Zip end - CENTRAL_DIRECTORY_ENTRY_SIGNATURE = 0x02014b50 + CENTRAL_DIRECTORY_ENTRY_SIGNATURE = "PK\1\2".freeze CDIR_ENTRY_STATIC_HEADER_LENGTH = 46 @@ -374,4 +377,12 @@ module Zip end + unless cdirSignature = staticSizedFieldsBuf.index(CENTRAL_DIRECTORY_ENTRY_SIGNATURE) + raise ZipError, "Zip local header magic not found at location '#{localHeaderOffset}'" + end + if cdirSignature > 0 + staticSizedFieldsBuf[0, cdirSignature] = "" + staticSizedFieldsBuf << io.read(cdirSignature) + end + cdirSignature , @version , # version of encoding software @@ -396,7 +407,4 @@ module Zip @comment = staticSizedFieldsBuf.unpack('VCCvvvvvVVVvvvvvVV') - unless (cdirSignature == CENTRAL_DIRECTORY_ENTRY_SIGNATURE) - raise ZipError, "Zip local header magic not found at location '#{localHeaderOffset}'" - end set_time(lastModDate, lastModTime) @@ -1069,5 +1077,5 @@ module Zip def get_tempfile - tempFile = BugFix::Tempfile.new(File.basename(name), File.dirname(name)) + tempFile = Tempfile.new(File.basename(name), File.dirname(name)) tempFile.binmode tempFile @@ -1119,5 +1127,5 @@ module Zip def initialize(entry) super(entry) - @tempFile = BugFix::Tempfile.new(File.basename(name), File.dirname(zipfile)) + @tempFile = Tempfile.new(File.basename(name), File.dirname(zipfile)) @tempFile.binmode end diff -ru2pw zip/zipfilesystem.rb zip.new/zipfilesystem.rb --- zip/zipfilesystem.rb 2004-01-31 00:07:56.000000000 +0900 +++ zip.new/zipfilesystem.rb 2004-03-27 17:54:39.000000000 +0900 @@ -1,4 +1,2 @@ -#!/usr/bin/env ruby - require 'zip/zip' diff -ru2pw zip/ziprequire.rb zip.new/ziprequire.rb --- zip/ziprequire.rb 2003-08-21 22:54:33.000000000 +0900 +++ zip.new/ziprequire.rb 2004-03-27 17:54:30.000000000 +0900 @@ -1,4 +1,2 @@ -#!/usr/bin/env ruby - require 'zip/zip'
-- Nobu Nakada