Bug#563942: kdelibs: kgpg produces corrupted zip files caused by wrong encoding of umlauts in kzip

Wed, 06 Jan 2010 06:27:14 -0800 

Package: kdelibs
Version: 4:3.5.10.dfsg.1-0lenny3
Severity: grave
Tags: patch
Justification: causes non-serious data loss

kgpg and all other applications that are creating zip files via kzip are 
producing corrupted zip files if a filename includes e.g. a german umlaut like 
'รถ'. This is caused by an wrong encoding in KZip::doneWriting(int).
To reproduce this behaviour create a folder with an umlaut and drop it to the 
kgpg trayicon. In the upcoming dialog zip as compression method has to be 
chosen. After encrypting and saving the zip file it must be decrypted to get 
the plain zip file. In case of having a umlaut in a foldername this file is 
corruped.

This bug leads to important data loss if a user wants to backup folders 
securely with kgpg. In an extreme case the user deletes the folder before he 
checks the integrity of the encrypted zip file. 

-- System Information:
Debian Release: 5.0.3
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.29.4-id1-k8-9 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages kdelibs depends on:
ii  kdelibs-data     4:3.5.10.dfsg.1-0lenny3 core shared data for all KDE appli
ii  kdelibs4c2a      4:3.5.10.dfsg.1-0lenny3 core libraries and binaries for al

kdelibs recommends no packages.

kdelibs suggests no packages.

-- no debconf information

Index: kio/kio/kzip.cpp
===================================================================
--- kio/kio/kzip.cpp	(revision 1065516)
+++ kio/kio/kzip.cpp	(revision 1065517)
@@ -954,8 +954,8 @@
         buffer[ 26 ] = char(mysize >> 16);
         buffer[ 27 ] = char(mysize >> 24);
 
-        buffer[ 28 ] = char(it.current()->path().length()); // filename length
-        buffer[ 29 ] = char(it.current()->path().length() >> 8);
+        buffer[ 28 ] = char(path.length()); // filename length
+        buffer[ 29 ] = char(path.length() >> 8);
 
 	buffer[ 30 ] = char(extra_field_len);
 	buffer[ 31 ] = char(extra_field_len >> 8);
@@ -1294,9 +1294,10 @@
     if ( d->m_extraField == ModificationTime )
         extra_field_len = 17;	// value also used in doneWriting()
 
+    const QCString encodedName = QFile::encodeName(d->m_currentFile->path());
     int csize = device()->at() -
         d->m_currentFile->headerStart() - 30 -
-		d->m_currentFile->path().length() - extra_field_len;
+        encodedName.length() - extra_field_len;
     d->m_currentFile->setCompressedSize(csize);
     //kdDebug(7040) << "usize: " << d->m_currentFile->size() << endl;
     //kdDebug(7040) << "csize: " << d->m_currentFile->compressedSize() << endl;

Reply via email to