Package: fcrackzip Version: 0.3-2 Severity: normal Tags: patch The --use-unzip check for false positives assumes that when unzip returns with a particular non-zero status code, it means the password was found.
Maybe this was true for older versions of unzip, but it isn't now. I've verified that with up-to-date unzip, the only reliable way to tell a password is correct is when status code is 0. Patch attached (tested and known to work). -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.8-2-k7 Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C) -- no debconf information
--- fcrackzip-0.3/main.c~ 2005-12-03 11:45:58.000000000 +0100 +++ fcrackzip-0.3/main.c 2005-12-03 11:57:40.088311632 +0100 @@ -69,10 +69,7 @@ status = system (buff); #undef REDIR -/* In case of "stored" items, unzip returns 1. - * In case of wrong password, the returned value is 122. - */ - if ((status == EXIT_SUCCESS) || (WEXITSTATUS(status) == 1)) + if (status == EXIT_SUCCESS) { printf("\n\nPASSWORD FOUND!!!!: pw == %s\n", pw); exit (EXIT_SUCCESS);