author | shadchin <shadchin@yandex-team.com> | 2024-02-07 09:25:06 +0300 |
---|---|---|
committer | shadchin <shadchin@yandex-team.com> | 2024-02-07 09:40:03 +0300 |
commit | 3139d9ab6df2a7014d19b87582466d17b4f496e2 (patch) | |
tree | 7fcb26a72dac212aa26beaaa7cd769fb1e396b5e /contrib/tools/python3/src/Lib/zipfile.py | |
parent | 4c04a8d1e278e6ca7ff16c11b74b2f16fc144253 (diff) | |
Update Python 3 to 3.11.8
Diffstat (limited to 'contrib/tools/python3/src/Lib/zipfile.py')
-rw-r--r-- | contrib/tools/python3/src/Lib/zipfile.py | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/contrib/tools/python3/src/Lib/zipfile.py b/contrib/tools/python3/src/Lib/zipfile.py
index 6189db5e3e..058d7163ea 100644
--- a/contrib/tools/python3/src/Lib/zipfile.py
+++ b/contrib/tools/python3/src/Lib/zipfile.py
@@ -367,6 +367,7 @@ class ZipInfo (object):
 'compress_size',
 'file_size',
 '_raw_time',
+ '_end_offset',
 )

 def __init__(self, filename="NoName", date_time=(1980,1,1,0,0,0)):
@@ -408,6 +409,7 @@ class ZipInfo (object):
 self.external_attr = 0 # External file attributes
 self.compress_size = 0 # Size of the compressed file
 self.file_size = 0 # Size of the uncompressed file
+ self._end_offset = None # Start of the next local header or central directory
 # Other attributes are set by class ZipFile:
 # header_offset Byte offset to the file header
 # CRC CRC-32 of the uncompressed file
@@ -1437,6 +1439,12 @@ class ZipFile:
 if self.debug > 2:
 print("total", total)

+ end_offset = self.start_dir
+ for zinfo in sorted(self.filelist,
+ key=lambda zinfo: zinfo.header_offset,
+ reverse=True):
+ zinfo._end_offset = end_offset
+ end_offset = zinfo.header_offset

 def namelist(self):
 """Return a list of file names in the archive."""
@@ -1590,6 +1598,10 @@ class ZipFile:
 'File name in directory %r and header %r differ.'
 % (zinfo.orig_filename, fname))

+ if (zinfo._end_offset is not None and
+ zef_file.tell() + zinfo.compress_size > zinfo._end_offset):
+ raise BadZipFile(f"Overlapped entries: {zinfo.orig_filename!r} (possible zip bomb)")
+
 # check for encrypted flag & handle password
 is_encrypted = zinfo.flag_bits & _MASK_ENCRYPTED
 if is_encrypted: |
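Review bot: The overlap check in the last hunk (`zef_file.tell() + zinfo.compress_size > zinfo._end_offset`) bounds only where an entry's compressed data may end; nothing in it limits `file_size` or the expansion ratio, so the `(possible zip bomb)` wording in the message can be read as broader protection than the check gives. A comment above the `if`, for example `# Rejects entries whose data overlaps the next header or the central directory; does not limit decompressed size`, would make that scope explicit for callers that process untrusted archives and still need their own size cap. The check is skipped when `_end_offset` is `None`, which per the second hunk is the `ZipInfo.__init__` default, so it appears to cover only entries whose offsets were filled in by the loop added in the third hunk. The enclosing method starts and ends outside the hunk.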