[Linuxdcpp-team] [Branch ~dcplusplus-team/dcplusplus/trunk] Rev 3284: fiddle with ZIP restrictions

[noreply]

------------------------------------------------------------
revno: 3284
committer: poy <p...@123gen.com>
branch nick: trunk
timestamp: Thu 2013-05-02 23:52:03 +0200
message:
  fiddle with ZIP restrictions
modified:
  Plugin format (dcext).txt
  dcpp/Archive.cpp


--
lp:dcplusplus
https://code.launchpad.net/~dcplusplus-team/dcplusplus/trunk

Your team Dcplusplus-team is subscribed to branch lp:dcplusplus.
To unsubscribe from this branch go to 
https://code.launchpad.net/~dcplusplus-team/dcplusplus/trunk/+edit-subscription

=== modified file 'Plugin format (dcext).txt'
--- Plugin format (dcext).txt	2013-05-02 19:58:57 +0000
+++ Plugin format (dcext).txt	2013-05-02 21:52:03 +0000
@@ -15,13 +15,13 @@
 Shared extensions are fine for testing but impractical to distribute and to have users install.
 Therefore, a DC plugin is preferably packaged as a .dcext file.
 
-A .dcext file is a ZIP archive, as defined by PKWARE's APPNOTE, either uncompressed or compressed
-with DEFLATE, with the following restrictions:
+A .dcext file is a ZIP archive, as defined by PKWARE's APPNOTE, either uncompressed (method 0) or
+compressed with DEFLATE (method 8), with the following restrictions:
 - No encryption.
 - No streaming / splitting / spanning.
-- No extension / extra fields.
 - No manifest file.
 - No character outside of the ASCII range in file names.
+- Extensions / extra fields and comments are allowed but shall be ignored.
 
 That archive must contain an XML file named "info.xml" at its root, whose contents shall validate
 against the schemas/dcext.xsd schema.

=== modified file 'dcpp/Archive.cpp'
--- dcpp/Archive.cpp	2013-05-02 19:58:57 +0000
+++ dcpp/Archive.cpp	2013-05-02 21:52:03 +0000
@@ -48,8 +48,14 @@
 	if(check(unzGoToFirstFile(file)) != UNZ_OK) { return; }
 
 	do {
+		unz_file_info info;
 		char pathBuf[MAX_PATH];
-		if(check(unzGetCurrentFileInfo(file, nullptr, pathBuf, MAX_PATH, nullptr, 0, nullptr, 0)) != UNZ_OK) { continue; }
+		if(check(unzGetCurrentFileInfo(file, &info, pathBuf, MAX_PATH, nullptr, 0, nullptr, 0)) != UNZ_OK) { continue; }
+
+		if(info.compression_method != 0 /* uncompressed */ && info.compression_method != 8 /* DEFLATE */) {
+			throw Exception(_("Invalid archive"));
+		}
+
 		if(check(unzOpenCurrentFile(file)) != UNZ_OK) { continue; }
 
 		string path_out(pathBuf);


_______________________________________________
Mailing list: https://launchpad.net/~linuxdcpp-team
Post to     : linuxdcpp-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~linuxdcpp-team
More help   : https://help.launchpad.net/ListHelp