Morita, nice work! I was planning on doing the exact same thing after
I straced a running fcrackzip and saw what was going on.
However, I see one problem with your proposed patch. You've left out
the check against unzip returning 1, which according to the comments
in the original code, should be taken to be a successful return as well
as zero.
Related bug report: fcrackzip --use-unzip will fail to run on filenames
that contain a space. The unzip child process will receive only up to
the first space, presumably fail to find that file, and exit with failure.
Thus, fcrackzip will never confirm the password even when it stumbles upon
the correct one.
Francesco, Morita's patch will solve the space intolerance, the single-
quote intolerance, and the possible security hole mentioned in this
thread all in one shot. May I suggest pushing this patch upstream after
putting back in the check for unzip returning 1 (which, is missing, is
solidly arguable grounds for upstream rejecting it)?
Thanks much!
------Carl
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
