[issue31175] Exception while extracting file from ZIP with non-matching file name in central directory
Tarmo Randel
report at bugs.python.org
Thu Aug 10 09:05:08 EDT 2017
New submission from Tarmo Randel:
The problem: miscreants are modifying ZIP file header parts so, that Python based automated analysis tools are unable to process the contents of the ZIP file but intended clients are able to open the file and extract the possibly malicious contents.
Github pull request contains patch addressing the issue so that developer can make conscious decision to allow extraction process to complete. Quite important feature for security researchers.
----------
components: Library (Lib)
files: ZIP_filename_confusion.pdf
messages: 300080
nosy: zyxtarmo
priority: normal
pull_requests: 3094
severity: normal
status: open
title: Exception while extracting file from ZIP with non-matching file name in central directory
type: behavior
versions: Python 2.7
Added file: http://bugs.python.org/file47073/ZIP_filename_confusion.pdf
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue31175>
_______________________________________
More information about the Python-bugs-list
mailing list