New submission from Jack Cushman:
This bug arises when attempting to unzip a password-protected zipfile using the
wrong password.
Usually when zipfile extraction is attempted with an incorrect password,
zipfile raise `RuntimeError("Bad password for file")`. But for a small subset
of passwords (about .4% of possible passwords), it instead raises
`BadZipfile("Bad CRC-32 for file")`.
Attached is a script that attempts to decrypt a zip file using every 3-letter
uppercase password. (This assumes you have first created the zip file, by
running something like: `echo "stuff" > /tmp/foo.txt; zip -e -P password
/tmp/foo.zip /tmp/foo.txt`.)
The specific passwords that trigger the wrong exception will vary each time the
zip file is created. On my system, for a particular zip file, the result is
this output:
BadZipFile b'ACB'
BadZipFile b'AMJ'
BadZipFile b'ASL'
BadZipFile b'AZV'
BadZipFile b'BCI'
BadZipFile b'BMV'
BadZipFile b'BQG'
BadZipFile b'BRB'
BadZipFile b'BYH'
BadZipFile b'CHU'
BadZipFile b'CTV'
BadZipFile b'DEF'
BadZipFile b'DHJ'
BadZipFile b'DSR'
BadZipFile b'EWG'
BadZipFile b'GOK'
BadZipFile b'GUK'
BadZipFile b'HGL'
BadZipFile b'HPV'
BadZipFile b'IAC'
BadZipFile b'IGQ'
BadZipFile b'IHG'
BadZipFile b'ILB'
BadZipFile b'IRJ'
BadZipFile b'JDW'
BadZipFile b'JIT'
BadZipFile b'JMK'
BadZipFile b'JPD'
BadZipFile b'JWL'
BadZipFile b'JXS'
BadZipFile b'KAR'
BadZipFile b'KKH'
BadZipFile b'LNW'
BadZipFile b'MEL'
BadZipFile b'NDY'
BadZipFile b'NFJ'
BadZipFile b'NLU'
BadZipFile b'NQU'
BadZipFile b'OXC'
BadZipFile b'PHA'
BadZipFile b'PQY'
BadZipFile b'QCN'
BadZipFile b'QFT'
BadZipFile b'QMB'
BadZipFile b'QWZ'
BadZipFile b'QYS'
BadZipFile b'RBR'
BadZipFile b'SKU'
BadZipFile b'SLG'
BadZipFile b'STU'
BadZipFile b'SUP'
BadZipFile b'UCD'
BadZipFile b'UOA'
BadZipFile b'UQM'
BadZipFile b'VAO'
BadZipFile b'VEQ'
BadZipFile b'VJW'
BadZipFile b'VVH'
BadZipFile b'WDA'
BadZipFile b'XCR'
BadZipFile b'XIY'
BadZipFile b'XLG'
BadZipFile b'YJA'
BadZipFile b'YMA'
BadZipFile b'YRB'
BadZipFile b'ZHT'
BadZipFile b'ZVJ'
BadZipFile b'ZWR'
BadZipFile b'ZZT'
69 out of 17576 passwords raise BadZipFile
Versions:
I reproduced this in Python 2.7.10 and 3.6.0, using a zip file created on Mac
OS 10.12.3 with this zip version:
$ zip --version
Copyright (c) 1990-2008 Info-ZIP - Type 'zip "-L"' for software license.
This is Zip 3.0 (July 5th 2008), by Info-ZIP.
Compiled with gcc 4.2.1 Compatible Apple LLVM 8.0.0 (clang-800.0.34) for Unix
(Mac OS X) on Jul 30 2016.
----------
components: Library (Lib)
files: fail.py
messages: 289132
nosy: jcushman
priority: normal
severity: normal
status: open
title: zipfile raises wrong exception for some incorrect passwords
type: behavior
versions: Python 2.7, Python 3.6
Added file: http://bugs.python.org/file46706/fail.py
_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue29739>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
