------------------------------------------------------------
revno: 3284
committer: poy <[email protected]>
branch nick: trunk
timestamp: Thu 2013-05-02 23:52:03 +0200
message:
fiddle with ZIP restrictions
modified:
Plugin format (dcext).txt
dcpp/Archive.cpp
--
lp:dcplusplus
https://code.launchpad.net/~dcplusplus-team/dcplusplus/trunk
Your team Dcplusplus-team is subscribed to branch lp:dcplusplus.
To unsubscribe from this branch go to
https://code.launchpad.net/~dcplusplus-team/dcplusplus/trunk/+edit-subscription
=== modified file 'Plugin format (dcext).txt'
--- Plugin format (dcext).txt 2013-05-02 19:58:57 +0000
+++ Plugin format (dcext).txt 2013-05-02 21:52:03 +0000
@@ -15,13 +15,13 @@
Shared extensions are fine for testing but impractical to distribute and to have users install.
Therefore, a DC plugin is preferably packaged as a .dcext file.
-A .dcext file is a ZIP archive, as defined by PKWARE's APPNOTE, either uncompressed or compressed
-with DEFLATE, with the following restrictions:
+A .dcext file is a ZIP archive, as defined by PKWARE's APPNOTE, either uncompressed (method 0) or
+compressed with DEFLATE (method 8), with the following restrictions:
- No encryption.
- No streaming / splitting / spanning.
-- No extension / extra fields.
- No manifest file.
- No character outside of the ASCII range in file names.
+- Extensions / extra fields and comments are allowed but shall be ignored.
That archive must contain an XML file named "info.xml" at its root, whose contents shall validate
against the schemas/dcext.xsd schema.
=== modified file 'dcpp/Archive.cpp'
--- dcpp/Archive.cpp 2013-05-02 19:58:57 +0000
+++ dcpp/Archive.cpp 2013-05-02 21:52:03 +0000
@@ -48,8 +48,14 @@
if(check(unzGoToFirstFile(file)) != UNZ_OK) { return; }
do {
+ unz_file_info info;
char pathBuf[MAX_PATH];
- if(check(unzGetCurrentFileInfo(file, nullptr, pathBuf, MAX_PATH, nullptr, 0, nullptr, 0)) != UNZ_OK) { continue; }
+ if(check(unzGetCurrentFileInfo(file, &info, pathBuf, MAX_PATH, nullptr, 0, nullptr, 0)) != UNZ_OK) { continue; }
+
+ if(info.compression_method != 0 /* uncompressed */ && info.compression_method != 8 /* DEFLATE */) {
+ throw Exception(_("Invalid archive"));
+ }
+
if(check(unzOpenCurrentFile(file)) != UNZ_OK) { continue; }
string path_out(pathBuf);
_______________________________________________
Mailing list: https://launchpad.net/~linuxdcpp-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~linuxdcpp-team
More help : https://help.launchpad.net/ListHelp
