New submission from Jack Cushman: This bug arises when attempting to unzip a password-protected zipfile using the wrong password.
Usually when zipfile extraction is attempted with an incorrect password, zipfile raise `RuntimeError("Bad password for file")`. But for a small subset of passwords (about .4% of possible passwords), it instead raises `BadZipfile("Bad CRC-32 for file")`. Attached is a script that attempts to decrypt a zip file using every 3-letter uppercase password. (This assumes you have first created the zip file, by running something like: `echo "stuff" > /tmp/foo.txt; zip -e -P password /tmp/foo.zip /tmp/foo.txt`.) The specific passwords that trigger the wrong exception will vary each time the zip file is created. On my system, for a particular zip file, the result is this output: BadZipFile b'ACB' BadZipFile b'AMJ' BadZipFile b'ASL' BadZipFile b'AZV' BadZipFile b'BCI' BadZipFile b'BMV' BadZipFile b'BQG' BadZipFile b'BRB' BadZipFile b'BYH' BadZipFile b'CHU' BadZipFile b'CTV' BadZipFile b'DEF' BadZipFile b'DHJ' BadZipFile b'DSR' BadZipFile b'EWG' BadZipFile b'GOK' BadZipFile b'GUK' BadZipFile b'HGL' BadZipFile b'HPV' BadZipFile b'IAC' BadZipFile b'IGQ' BadZipFile b'IHG' BadZipFile b'ILB' BadZipFile b'IRJ' BadZipFile b'JDW' BadZipFile b'JIT' BadZipFile b'JMK' BadZipFile b'JPD' BadZipFile b'JWL' BadZipFile b'JXS' BadZipFile b'KAR' BadZipFile b'KKH' BadZipFile b'LNW' BadZipFile b'MEL' BadZipFile b'NDY' BadZipFile b'NFJ' BadZipFile b'NLU' BadZipFile b'NQU' BadZipFile b'OXC' BadZipFile b'PHA' BadZipFile b'PQY' BadZipFile b'QCN' BadZipFile b'QFT' BadZipFile b'QMB' BadZipFile b'QWZ' BadZipFile b'QYS' BadZipFile b'RBR' BadZipFile b'SKU' BadZipFile b'SLG' BadZipFile b'STU' BadZipFile b'SUP' BadZipFile b'UCD' BadZipFile b'UOA' BadZipFile b'UQM' BadZipFile b'VAO' BadZipFile b'VEQ' BadZipFile b'VJW' BadZipFile b'VVH' BadZipFile b'WDA' BadZipFile b'XCR' BadZipFile b'XIY' BadZipFile b'XLG' BadZipFile b'YJA' BadZipFile b'YMA' BadZipFile b'YRB' BadZipFile b'ZHT' BadZipFile b'ZVJ' BadZipFile b'ZWR' BadZipFile b'ZZT' 69 out of 17576 passwords raise BadZipFile Versions: I reproduced this in Python 2.7.10 and 3.6.0, using a zip file created on Mac OS 10.12.3 with this zip version: $ zip --version Copyright (c) 1990-2008 Info-ZIP - Type 'zip "-L"' for software license. This is Zip 3.0 (July 5th 2008), by Info-ZIP. Compiled with gcc 4.2.1 Compatible Apple LLVM 8.0.0 (clang-800.0.34) for Unix (Mac OS X) on Jul 30 2016. ---------- components: Library (Lib) files: fail.py messages: 289132 nosy: jcushman priority: normal severity: normal status: open title: zipfile raises wrong exception for some incorrect passwords type: behavior versions: Python 2.7, Python 3.6 Added file: http://bugs.python.org/file46706/fail.py _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue29739> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com