path: root/src/archive/zip
Commit message | Author | Age | Files | Lines
* all: add String for fs.{FileInfo,DirEntry} implementations | Ian Lance Taylor | 2023-05-04 | 2 | -0/+8
  The new String methods use the new FormatFileInfo and FormatDirEntry functions.

  Fixes #54451

  Change-Id: I414cdfc212ec3c316fb2734756d2117842a23631
  Reviewed-on: https://go-review.googlesource.com/c/go/+/491175
  Reviewed-by: Joseph Tsai <joetsai@digital-static.net>
  Run-TryBot: Ian Lance Taylor <iant@golang.org>
  TryBot-Result: Gopher Robot <gobot@golang.org>
  Reviewed-by: Ian Lance Taylor <iant@google.com>
  Run-TryBot: Ian Lance Taylor <iant@google.com>
  Auto-Submit: Ian Lance Taylor <iant@google.com>
  Reviewed-by: Bryan Mills <bcmills@google.com>
* archive/zip: reject overflowing directorySize & directoryOffset | Roland Shoemaker | 2023-04-24 | 2 | -0/+46
  We added a check for incorrect baseOffset in CL 408734, but in doing so we introduced a panic when directoryOffset overflowed an int64. The zip spec uses uint64, but since io.SectionReader requires int64 we convert, and possibly introduce an overflow. If offset < 0 && size-offset < 0, SectionReader will panic when we attempt to read from it.

  Since it's extremely unlikely we're ever going to process a zip file larger than 1<<63-1 bytes, just limit directory size and offset to the max int64.

  Change-Id: I1aaa755cf4da927a6e12ef59f97dfc83a3426d86
  Reviewed-on: https://go-review.googlesource.com/c/go/+/488195
  Reviewed-by: Ian Lance Taylor <iant@google.com>
  Run-TryBot: Roland Shoemaker <roland@golang.org>
  TryBot-Result: Gopher Robot <gobot@golang.org>
  Auto-Submit: Roland Shoemaker <roland@golang.org>
* archive/zip: return ErrInsecurePath for unsafe paths by OpenReader | Imre Rad | 2023-04-05 | 2 | -19/+83
  zip.NewReader was recently improved to return ErrInsecurePath when insecure entries are encountered. This change adopts the same logic for the OpenReader interface as well.

  Fixes #58641

  Change-Id: I0d8be94d073cc14cf93a914dc250f85b19cec4ab
  GitHub-Last-Rev: 68391dc51562aebc893ec70fdfbdfb181955983a
  GitHub-Pull-Request: golang/go#58658
  Reviewed-on: https://go-review.googlesource.com/c/go/+/470735
  Run-TryBot: Damien Neil <dneil@google.com>
  TryBot-Result: Gopher Robot <gobot@golang.org>
  Reviewed-by: Damien Neil <dneil@google.com>
  Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
  Auto-Submit: Damien Neil <dneil@google.com>
* all: fix misuses of "a" vs "an" | cui fliter | 2023-04-04 | 1 | -1/+1
  Fixes the misuse of "a" vs "an", according to English grammatical expectations and using https://www.a-or-an.com/

  Change-Id: I53ac724070e3ff3d33c304483fe72c023c7cda47
  Reviewed-on: https://go-review.googlesource.com/c/go/+/480536
  Run-TryBot: shuang cui <imcusg@gmail.com>
  Reviewed-by: Ian Lance Taylor <iant@google.com>
  TryBot-Result: Gopher Robot <gobot@golang.org>
  Auto-Submit: Ian Lance Taylor <iant@google.com>
  Run-TryBot: Ian Lance Taylor <iant@google.com>
  Reviewed-by: Michael Knyszek <mknyszek@google.com>
* archive/zip: make receiver names consistent | Oleksandr Redko | 2023-03-02 | 2 | -27/+27
  Fixes revive linter receiver-naming warnings:
  - receiver name f should be consistent with previous receiver name e for fileListEntry
  - receiver name r should be consistent with previous receiver name z for Reader
  - receiver name f should be consistent with previous receiver name h for FileHeader

  Change-Id: Ibfa14b97f6ca7adc86e3a1df919c5bb5de9716dc
  GitHub-Last-Rev: dd7315b09d224bb2953b82cc6bd97d81c9eaca0a
  GitHub-Pull-Request: golang/go#58477
  Reviewed-on: https://go-review.googlesource.com/c/go/+/467519
  Run-TryBot: Ian Lance Taylor <iant@golang.org>
  Auto-Submit: Ian Lance Taylor <iant@google.com>
  Reviewed-by: Joseph Tsai <joetsai@digital-static.net>
  Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
  Reviewed-by: Ian Lance Taylor <iant@google.com>
  TryBot-Bypass: Ian Lance Taylor <iant@google.com>
* archive/zip: use base offset 0 if it has a valid entry | Ian Lance Taylor | 2023-01-20 | 3 | -14/+32
  In CL 408734 we introduced a fall back to base offset 0 if reading a directory entry at the computed base offset failed. We have now found a file in the wild for which the computed base offset is incorrect, but happens to refer to a valid directory entry. In this CL, we change the fallback such that if the first directory header relative to base offset 0 is valid, we just use base offset 0.

  Change-Id: Ia9ace20c1065d1f651035f16f7d91d741ab1dbf4
  Reviewed-on: https://go-review.googlesource.com/c/go/+/461598
  Reviewed-by: Cherry Mui <cherryyz@google.com>
  TryBot-Result: Gopher Robot <gobot@golang.org>
  Reviewed-by: Ian Lance Taylor <iant@google.com>
  Auto-Submit: Ian Lance Taylor <iant@google.com>
  Reviewed-by: Joseph Tsai <joetsai@digital-static.net>
  Run-TryBot: Ian Lance Taylor <iant@golang.org>
  Run-TryBot: Ian Lance Taylor <iant@google.com>
* internal/godebug: export non-default-behavior counters in runtime/metrics | Russ Cox | 2023-01-19 | 1 | -3/+4
  Allow GODEBUG users to report how many times a setting resulted in non-default behavior.

  Record non-default-behaviors for all existing GODEBUGs.

  Also rework tests to ensure that runtime is in sync with runtime/metrics.All, and generate docs mechanically from metrics.All.

  For #56986.

  Change-Id: Iefa1213e2a5c3f19ea16cd53298c487952ef05a4
  Reviewed-on: https://go-review.googlesource.com/c/go/+/453618
  TryBot-Result: Gopher Robot <gobot@golang.org>
  Auto-Submit: Russ Cox <rsc@golang.org>
  Run-TryBot: Russ Cox <rsc@golang.org>
  Reviewed-by: Michael Knyszek <mknyszek@google.com>
* archive/tar, archive/zip: document ErrInsecurePath and GODEBUG setting | Russ Cox | 2023-01-17 | 1 | -0/+8
  These are mentioned in the release notes but not the actual doc comments. Nothing should exist only in release notes.

  Change-Id: I8d10f25a2c9b2677231929ba3f393af9034b777b
  Reviewed-on: https://go-review.googlesource.com/c/go/+/462195
  Run-TryBot: Russ Cox <rsc@golang.org>
  Reviewed-by: Damien Neil <dneil@google.com>
  TryBot-Result: Gopher Robot <gobot@golang.org>
* archive/tar, archive/zip: revert documentation of ErrInsecurePath | Damien Neil | 2022-12-21 | 1 | -11/+0
  CL 452616 disables path security checks by default, enabling them only when GODEBUG=tarinsecurepath=0 or GODEBUG=zipinsecurepath=0 is set. Remove now-obsolete documentation of the path checks.

  For #55356

  Change-Id: I4ae57534efe9e27368d5e67773a502dd0e56eff4
  Reviewed-on: https://go-review.googlesource.com/c/go/+/458875
  Reviewed-by: Russ Cox <rsc@golang.org>
  TryBot-Result: Gopher Robot <gobot@golang.org>
  Run-TryBot: Damien Neil <dneil@google.com>
* archive/zip: only consider UncompressedSize when checking dirs | Roland Shoemaker | 2022-12-06 | 2 | -2/+5
  CL 454475 switched from checking CompressedSize to UncompressedSize when determining if we should consider an archive malformed because it contains data and added a test for an example of this (a JAR). We should also remove the hasDataDescriptor check, since that is basically an alias for CompressedSize > 0. The test didn't catch this because we didn't actually attempt to read from the returned reader.

  Change-Id: Ibc4c1aa9c3a733f3ebf4a956d1e2f8f4900a29cd
  Reviewed-on: https://go-review.googlesource.com/c/go/+/455523
  Run-TryBot: Roland Shoemaker <roland@golang.org>
  Reviewed-by: Julie Qiu <julieqiu@google.com>
  Auto-Submit: Roland Shoemaker <roland@golang.org>
  TryBot-Result: Gopher Robot <gobot@golang.org>
* archive/zip: use proper doc comment for Deprecated notes | Russ Cox | 2022-12-02 | 1 | -13/+43
  End-of-line comments are not doc comments, so Deprecated notes in them are not recognized as deprecation notices. Rewrite the comments.

  Change-Id: Idc4681924f9a7e9ead62f672ef8a763e70db1f0f
  Reviewed-on: https://go-review.googlesource.com/c/go/+/453616
  TryBot-Result: Gopher Robot <gobot@golang.org>
  Reviewed-by: Joseph Tsai <joetsai@digital-static.net>
  Reviewed-by: Ian Lance Taylor <iant@google.com>
  Run-TryBot: Russ Cox <rsc@golang.org>
  Auto-Submit: Russ Cox <rsc@golang.org>
* archive/zip: tolerate compressed directories with zero uncompressed size | Roland Shoemaker | 2022-12-01 | 2 | -1/+76
  In CL 449955 we made reading of directories with associated file data an error, since it is a "must not" in the zip specification. It turns out that a number of implementations make the mistake of not setting the correct compression method on directories (in particular the Java jar tool does this when storing the META-INF directory). If the compression method used is not 0 (stored) then the compressed size of the directory can be > 0, despite the uncompressed size still being 0.

  Since this mistake is not uncommon, we are forced to tolerate it. We still fail if the recorded uncompressed size is > 0, which should be a significantly harder mistake to make.

  Change-Id: Ia732b10787f26ab937ac9cf9869ac3042efb8118
  Reviewed-on: https://go-review.googlesource.com/c/go/+/454475
  Reviewed-by: Ian Lance Taylor <iant@google.com>
  Auto-Submit: Roland Shoemaker <roland@golang.org>
  TryBot-Result: Gopher Robot <gobot@golang.org>
  Run-TryBot: Roland Shoemaker <roland@golang.org>
* archive/tar, archive/zip: disable ErrInsecurePath by default | Damien Neil | 2022-11-22 | 1 | -1/+1
  This change is being made late in the release cycle. Disable it by default. Insecure path checks may be enabled by setting GODEBUG=tarinsecurepath=0 or GODEBUG=zipinsecurepath=0. We can enable this by default in Go 1.21 after publicizing the change more broadly and giving users a chance to adapt to the change.

  For #55356.

  Change-Id: I549298b3c85d6c8c7fd607c41de1073083f79b1d
  Reviewed-on: https://go-review.googlesource.com/c/go/+/452616
  TryBot-Result: Gopher Robot <gobot@golang.org>
  Auto-Submit: Damien Neil <dneil@google.com>
  Reviewed-by: Russ Cox <rsc@golang.org>
  Run-TryBot: Damien Neil <dneil@google.com>
* archive/tar, archive/zip: disable insecure file name checks with GODEBUG | Damien Neil | 2022-11-21 | 2 | -0/+32
  Add GODEBUG=tarinsecurepath=1 and GODEBUG=zipinsecurepath=1 settings to disable file name validation.

  For #55356.

  Change-Id: Iaacdc629189493e7ea3537a81660215a59dd40a4
  Reviewed-on: https://go-review.googlesource.com/c/go/+/452495
  Reviewed-by: Bryan Mills <bcmills@google.com>
  TryBot-Result: Gopher Robot <gobot@golang.org>
  Run-TryBot: Damien Neil <dneil@google.com>
  Reviewed-by: Russ Cox <rsc@golang.org>
  Reviewed-by: Heschi Kreinick <heschi@google.com>
* archive/tar, archive/zip: return ErrInsecurePath for unsafe paths | Damien Neil | 2022-11-16 | 3 | -12/+61
  Return a distinguishable error when reading an archive file with a path that is:
  - absolute
  - escapes the current directory (../a)
  - on Windows, a reserved name such as NUL

  Users may ignore this error and proceed if they do not need name sanitization or intend to perform it themselves.

  Fixes #25849
  Fixes #55356

  Change-Id: Ieefa163f00384bc285ab329ea21a6561d39d8096
  Reviewed-on: https://go-review.googlesource.com/c/go/+/449937
  Reviewed-by: Joseph Tsai <joetsai@digital-static.net>
  TryBot-Result: Gopher Robot <gobot@golang.org>
  Run-TryBot: Damien Neil <dneil@google.com>
  Auto-Submit: Damien Neil <dneil@google.com>
  Reviewed-by: Ian Lance Taylor <iant@golang.org>
  Reviewed-by: Roland Shoemaker <roland@golang.org>
* archive/zip: don't read directories containing file data | Alexander Yastrebov | 2022-11-14 | 2 | -0/+49
  Fixes #54801

  Change-Id: I3d03516792975ddb09835b2621c57e12e7cbad35
  GitHub-Last-Rev: 4faa7e14dcc48c05d707f1e137d915da24133e14
  GitHub-Pull-Request: golang/go#56714
  Reviewed-on: https://go-review.googlesource.com/c/go/+/449955
  Run-TryBot: Ian Lance Taylor <iant@golang.org>
  TryBot-Result: Gopher Robot <gobot@golang.org>
  Reviewed-by: Ian Lance Taylor <iant@google.com>
  Run-TryBot: Ian Lance Taylor <iant@google.com>
  Auto-Submit: Ian Lance Taylor <iant@google.com>
  Reviewed-by: Joedian Reid <joedian@golang.org>
* archive/zip: use strings.TrimPrefix | cuiweixie | 2022-09-29 | 1 | -3/+4
  Change-Id: I2854b5e7b48c4c189df84cb7281b7b7de780eebd
  Reviewed-on: https://go-review.googlesource.com/c/go/+/435938
  TryBot-Result: Gopher Robot <gobot@golang.org>
  Reviewed-by: Ian Lance Taylor <iant@google.com>
  Run-TryBot: Ian Lance Taylor <iant@google.com>
  Auto-Submit: Ian Lance Taylor <iant@google.com>
  Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
* archive: use strings.Builder | cuiweixie | 2022-09-06 | 1 | -1/+1
  Change-Id: I07e022ffc022bca6aa12165871e723db3ed83141
  Reviewed-on: https://go-review.googlesource.com/c/go/+/428255
  Reviewed-by: Ian Lance Taylor <iant@google.com>
  Auto-Submit: Ian Lance Taylor <iant@google.com>
  Run-TryBot: Ian Lance Taylor <iant@google.com>
  TryBot-Result: Gopher Robot <gobot@golang.org>
  Reviewed-by: Robert Griesemer <gri@google.com>
* archive/zip: use bufio.Reset rather than NewReader | Ian Lance Taylor | 2022-06-02 | 1 | -1/+1
  A clean up for CL 408734, suggested by Joe Tsai.

  Change-Id: Ida9db0b8d31785d5640938c286c9c6c82c27f457
  Reviewed-on: https://go-review.googlesource.com/c/go/+/410154
  Auto-Submit: Ian Lance Taylor <iant@google.com>
  Run-TryBot: Ian Lance Taylor <iant@golang.org>
  Reviewed-by: Ian Lance Taylor <iant@google.com>
  TryBot-Result: Gopher Robot <gobot@golang.org>
  Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
  Run-TryBot: Ian Lance Taylor <iant@google.com>
  Reviewed-by: Joseph Tsai <joetsai@digital-static.net>
* archive/zip: if non-zero base offset fails, fall back to zero | Ian Lance Taylor | 2022-06-02 | 3 | -0/+32
  This permits us to read files that earlier Go releases could read. It is also compatible with other zip programs.

  Change-Id: I7e2999f1073c4db5ba3f51f92681e0b149d55b3e
  Reviewed-on: https://go-review.googlesource.com/c/go/+/408734
  Run-TryBot: Ian Lance Taylor <iant@golang.org>
  Run-TryBot: Ian Lance Taylor <iant@google.com>
  TryBot-Result: Gopher Robot <gobot@golang.org>
  Auto-Submit: Ian Lance Taylor <iant@google.com>
  Reviewed-by: Michael Knyszek <mknyszek@google.com>
  Reviewed-by: Ian Lance Taylor <iant@google.com>
* all: gofmt main repo | Russ Cox | 2022-05-19 | 1 | -1/+1
  Excluding vendor and testdata. CL 384268 already reformatted most, but these slipped past.

  The struct in the doc comment in debug/dwarf/type.go was fixed up by hand to indent the first and last lines as well.

  For #51082.

  Change-Id: Iad020f83aafd671ff58238fe491907e85923d0c7
  Reviewed-on: https://go-review.googlesource.com/c/go/+/407137
  Run-TryBot: Russ Cox <rsc@golang.org>
  TryBot-Result: Gopher Robot <gobot@golang.org>
  Auto-Submit: Russ Cox <rsc@golang.org>
  Reviewed-by: Ian Lance Taylor <iant@google.com>
* archive/zip: error if using io/fs on zip with duplicate entries | Ian Lance Taylor | 2022-05-10 | 3 | -13/+131
  Fixes #50390

  Change-Id: I92787cdb3fa198ff88dcaadeccfcb49a3a6a88cf
  Reviewed-on: https://go-review.googlesource.com/c/go/+/374954
  Reviewed-by: Heschi Kreinick <heschi@google.com>
  Reviewed-by: Joseph Tsai <joetsai@digital-static.net>
  Reviewed-by: Ian Lance Taylor <iant@google.com>
  Run-TryBot: Ian Lance Taylor <iant@google.com>
  Auto-Submit: Ian Lance Taylor <iant@google.com>
  TryBot-Result: Gopher Robot <gobot@golang.org>
* archive/zip: permit zip files to have prefixes | Ian Lance Taylor | 2022-05-08 | 4 | -13/+41
  A Java jar file is a zip file, but it can have a prefix that is a bash script that unpacks the zip file. Most zip programs ignore such prefixes. This CL changes the archive/zip package to do the same.

  Fixes #10464
  Fixes #51337

  Change-Id: I976e9c64684644317bd21077bc5b4a2baf626ee6
  Reviewed-on: https://go-review.googlesource.com/c/go/+/387976
  Run-TryBot: Ian Lance Taylor <iant@google.com>
  Reviewed-by: Ian Lance Taylor <iant@google.com>
  TryBot-Result: Gopher Robot <gobot@golang.org>
  Run-TryBot: Ian Lance Taylor <iant@golang.org>
  Reviewed-by: David Chase <drchase@google.com>
  Reviewed-by: Joseph Tsai <joetsai@digital-static.net>
  Auto-Submit: Ian Lance Taylor <iant@google.com>
* archive/zip: remove unused File.descErr field | Kale Blankenship | 2022-05-03 | 1 | -2/+1
  Found via staticcheck. Unused as of CL 357489.

  Change-Id: I3aa409994ba4388912ac7e7809168529a5b6e31c
  Reviewed-on: https://go-review.googlesource.com/c/go/+/403814
  TryBot-Result: Gopher Robot <gobot@golang.org>
  Run-TryBot: Kale B <kale@lemnisys.com>
  Run-TryBot: Ian Lance Taylor <iant@google.com>
  Reviewed-by: Ian Lance Taylor <iant@google.com>
  Auto-Submit: Ian Lance Taylor <iant@google.com>
  Reviewed-by: David Chase <drchase@google.com>
* archive/zip: fail fast if UncompressedSize64 < nread | Meng Zhuo | 2022-04-11 | 2 | -0/+30
  The zip reader checks that the uncompressed file size is valid after all compressed files read until EOF. However in between reading each file, there could have already been an overflow where nread > UncompressedSize64 hence this change will now return ErrFormat in such situations.

  Fixes #49791

  Change-Id: If3584a57d173de6a97bf35c07d2a99ff6972f820
  Reviewed-on: https://go-review.googlesource.com/c/go/+/366854
  Trust: mzh <mzh@golangcn.org>
  Run-TryBot: Ian Lance Taylor <iant@golang.org>
  TryBot-Result: Gopher Robot <gobot@golang.org>
  Reviewed-by: Emmanuel Odeke <emmanuel@orijtech.com>
  Trust: Emmanuel Odeke <emmanuel@orijtech.com>
* all: remove trailing blank doc comment lines | Russ Cox | 2022-04-01 | 1 | -1/+0
  A future change to gofmt will rewrite

      // Doc comment.
      //
      func f()

  to

      // Doc comment.
      func f()

  Apply that change preemptively to all doc comments.

  For #51082.

  Change-Id: I4023e16cfb0729b64a8590f071cd92f17343081d
  Reviewed-on: https://go-review.googlesource.com/c/go/+/384259
  Trust: Russ Cox <rsc@golang.org>
  Run-TryBot: Russ Cox <rsc@golang.org>
  Reviewed-by: Ian Lance Taylor <iant@golang.org>
  TryBot-Result: Gopher Robot <gobot@golang.org>
* all: add a handful of fuzz targets | Roland Shoemaker | 2022-01-13 | 1 | -0/+81
  Adds simple fuzz targets to archive/tar, archive/zip, compress/gzip, encoding/json, image/jpeg, image/gif, and image/png.

  Second attempt, this time we don't use the archives in testdata when fuzzing archive/tar, since those are rather memory intensive, and were crashing a number of builders.

  Change-Id: I4828d64fa4763c0d8c980392a6578e4dfd956e13
  Reviewed-on: https://go-review.googlesource.com/c/go/+/378174
  Trust: Roland Shoemaker <roland@golang.org>
  Run-TryBot: Roland Shoemaker <roland@golang.org>
  Reviewed-by: Bryan Mills <bcmills@google.com>
  TryBot-Result: Gopher Robot <gobot@golang.org>
* Revert "all: add a handful of fuzz targets" | Bryan Mills | 2022-01-12 | 1 | -81/+0
  This reverts CL 352109.

  Reason for revert: causing OOM failures on several builders, and may cause OOMs for end users with small machines as well.

  Change-Id: I58308d09919969d5a6512ee5cee6aa5c4af6769b
  Reviewed-on: https://go-review.googlesource.com/c/go/+/377934
  Trust: Bryan Mills <bcmills@google.com>
  Run-TryBot: Bryan Mills <bcmills@google.com>
  TryBot-Result: Gopher Robot <gobot@golang.org>
  Reviewed-by: Katie Hockman <katie@golang.org>
  Trust: Katie Hockman <katie@golang.org>
* all: add a handful of fuzz targets | Roland Shoemaker | 2022-01-12 | 1 | -0/+81
  Adds simple fuzz targets to archive/tar, archive/zip, compress/gzip, encoding/json, image/jpeg, image/gif, and image/png.

  Change-Id: Ide1a8de88a9421e786eeeaea3bb93f41e0bae347
  Reviewed-on: https://go-review.googlesource.com/c/go/+/352109
  Trust: Katie Hockman <katie@golang.org>
  Reviewed-by: Katie Hockman <katie@golang.org>
  Trust: Roland Shoemaker <roland@golang.org>
  Run-TryBot: Roland Shoemaker <roland@golang.org>
  TryBot-Result: Gopher Robot <gobot@golang.org>
* all: gofmt -w -r 'interface{} -> any' src | Russ Cox | 2021-12-13 | 2 | -2/+2
  And then revert the bootstrap cmd directories and certain testdata. And adjust tests as needed.

  Not reverting the changes in std that are bootstrapped, because some of those changes would appear in API docs, and we want to use any consistently. Instead, rewrite 'any' to 'interface{}' in cmd/dist for those directories when preparing the bootstrap copy.

  A few files changed as a result of running gofmt -w not because of interface{} -> any but because they hadn't been updated for the new //go:build lines.

  Fixes #49884.

  Change-Id: Ie8045cba995f65bd79c694ec77a1b3d1fe01bb09
  Reviewed-on: https://go-review.googlesource.com/c/go/+/368254
  Trust: Russ Cox <rsc@golang.org>
  Run-TryBot: Russ Cox <rsc@golang.org>
  Reviewed-by: Robert Griesemer <gri@golang.org>
  TryBot-Result: Gopher Robot <gobot@golang.org>
* archive/zip: don't read data descriptor early | Arran Walker | 2021-11-07 | 3 | -197/+27
  Go 1.17 introduced an unnecessary change to when a zip's data descriptor is read for file entries, how it is parsed and how the crc32 field is used.

  Before Go 1.17, the data descriptor was read immediately after a file entry's content. This continuous read is a pattern existing applications have come to rely upon (for example, where reads at specific offsets might be translated to HTTP range requests).

  In Go 1.17, all data descriptors are immediately read upon opening the file. This results in scattered and non-continuous reads of the archive, and depending on the underlying reader, might have severe performance implications. In addition, an additional object is now initialized for each entry, but is mostly redundant.

  Previously, the crc32 field in the data descriptor would return an error if it did not match the central directory's entry. This check has seemingly been unintentionally removed. If the central directory crc32 is invalid and a data descriptor is present, no error is returned.

  This change reverts to the previous handling of data descriptors, before CL 312310.

  Fixes #48374
  Fixes #49089

  Change-Id: I5df2878c4fcc9e500064e7175f3ab9727c82f100
  Reviewed-on: https://go-review.googlesource.com/c/go/+/357489
  Run-TryBot: Ian Lance Taylor <iant@golang.org>
  Reviewed-by: Ian Lance Taylor <iant@golang.org>
  Trust: Dmitri Shuralyov <dmitshur@golang.org>
* archive/zip: don't panic on (*Reader).Open | Jason7602 | 2021-11-02 | 2 | -2/+136
  Previously, opening a zip with (*Reader).Open could result in a panic if the zip contained a file whose name was exclusively made up of slash characters or ".." path elements.

  Open could also panic if passed the empty string directly as an argument.

  Now, any files in the zip whose name could not be made valid for fs.FS.Open will be skipped, and no longer added to the fs.FS file list, although they are still accessible through (*Reader).File.

  Note that it was already the case that a file could be accessible from (*Reader).Open with a name different from the one in (*Reader).File, as the former is the cleaned name, while the latter is the original one.

  Finally, made the actual panic site robust as a defense-in-depth measure.

  Fixes CVE-2021-41772
  Fixes #48085

  Co-authored-by: Filippo Valsorda <filippo@golang.org>
  Change-Id: I6271a3f2892e7746f52e213b8eba9a1bba974678
  Reviewed-on: https://go-review.googlesource.com/c/go/+/349770
  Run-TryBot: Filippo Valsorda <filippo@golang.org>
  Reviewed-by: Katie Hockman <katie@golang.org>
  Reviewed-by: Filippo Valsorda <filippo@golang.org>
  Trust: Katie Hockman <katie@golang.org>
  Trust: Julie Qiu <julie@golang.org>
* all: use bytes.Cut, strings.Cut | Russ Cox | 2021-10-06 | 1 | -1/+1
  Many uses of Index/IndexByte/IndexRune/Split/SplitN can be written more clearly using the new Cut functions. Do that. Also rewrite to other functions if that's clearer.

  For #46336.

  Change-Id: I68d024716ace41a57a8bf74455c62279bde0f448
  Reviewed-on: https://go-review.googlesource.com/c/go/+/351711
  Trust: Russ Cox <rsc@golang.org>
  Run-TryBot: Russ Cox <rsc@golang.org>
  TryBot-Result: Go Bot <gobot@golang.org>
  Reviewed-by: Ian Lance Taylor <iant@golang.org>
* archive/zip: prevent preallocation check from overflowing | Roland Shoemaker | 2021-08-20 | 2 | -1/+19
  If the indicated directory size in the archive header is so large that subtracting it from the archive size overflows a uint64, the check that the indicated number of files in the archive can be effectively bypassed. Prevent this from happening by checking that the indicated directory size is less than the size of the archive.

  Thanks to the OSS-Fuzz project for discovering this issue and to Emmanuel Odeke for reporting it.

  Fixes #47801
  Fixes CVE-2021-39293

  Change-Id: Ifade26b98a40f3b37398ca86bd5252d12394dd24
  Reviewed-on: https://go-review.googlesource.com/c/go/+/343434
  Trust: Roland Shoemaker <roland@golang.org>
  Run-TryBot: Roland Shoemaker <roland@golang.org>
  TryBot-Result: Go Bot <gobot@golang.org>
  Reviewed-by: Russ Cox <rsc@golang.org>
* archive/zip: only preallocate File slice if reasonably sized | Roland Shoemaker | 2021-05-25 | 2 | -1/+68
  Since the number of files in the EOCD record isn't validated, it isn't safe to preallocate Reader.Files using that field. A malformed archive can indicate it contains up to 1 << 128 - 1 files. We can still safely preallocate the slice by checking if the specified number of files in the archive is reasonable, given the size of the archive.

  Thanks to the OSS-Fuzz project for discovering this issue and to Emmanuel Odeke for reporting it.

  Fixes #46242
  Fixes CVE-2021-33196

  Change-Id: I3c76d8eec178468b380d87fdb4a3f2cb06f0ee76
  Reviewed-on: https://go-review.googlesource.com/c/go/+/318909
  Trust: Roland Shoemaker <roland@golang.org>
  Trust: Katie Hockman <katie@golang.org>
  Trust: Joe Tsai <thebrokentoaster@gmail.com>
  Run-TryBot: Roland Shoemaker <roland@golang.org>
  TryBot-Result: Go Bot <gobot@golang.org>
  Reviewed-by: Katie Hockman <katie@golang.org>
  Reviewed-by: Joe Tsai <thebrokentoaster@gmail.com>
* archive/zip: add File.OpenRaw, Writer.CreateRaw, Writer.Copy | Eddie Scholtz | 2021-05-03 | 5 | -61/+541
  These new methods provide support for cases where performance is a primary concern. For example, copying files from an existing zip to a new zip without incurring the decompression and compression overhead. Using an optimized, external compression method and writing the output to a zip archive. And compressing file contents in parallel and then sequentially writing the compressed bytes to a zip archive.

  TestWriterCopy is copied verbatim from https://github.com/rsc/zipmerge

  Fixes #34974

  Change-Id: Iade5bc245ba34cdbb86364bf59f79f38bb9e2eb6
  Reviewed-on: https://go-review.googlesource.com/c/go/+/312310
  Run-TryBot: Ian Lance Taylor <iant@golang.org>
  TryBot-Result: Go Bot <gobot@golang.org>
  Reviewed-by: Ian Lance Taylor <iant@golang.org>
  Trust: Carlos Amedee <carlos@golang.org>
* archive/zip: only return directory once via io/fs.FS | Ian Lance Taylor | 2021-04-29 | 3 | -18/+92
  While we're here fix the ModTime value for directories.

  Fixes #43872
  Fixes #45345

  Change-Id: I155e6517713ef6a9482b9431f1167a44337c6ad2
  Reviewed-on: https://go-review.googlesource.com/c/go/+/311530
  Trust: Ian Lance Taylor <iant@golang.org>
  Run-TryBot: Ian Lance Taylor <iant@golang.org>
  TryBot-Result: Go Bot <gobot@golang.org>
  Reviewed-by: Jeremy Faller <jeremy@golang.org>
* archive/zip: fix imports block of biggestZipBytes generator | Paschalis Tsilias | 2021-04-18 | 1 | -1/+1
  Fixes #45529

  Change-Id: I4d64c40aa6733b783dc4066e222f17abeb7ad413
  Reviewed-on: https://go-review.googlesource.com/c/go/+/309357
  Reviewed-by: Joe Tsai <thebrokentoaster@gmail.com>
  Trust: Joe Tsai <thebrokentoaster@gmail.com>
  Trust: Ian Lance Taylor <iant@golang.org>
  Run-TryBot: Joe Tsai <thebrokentoaster@gmail.com>
  TryBot-Result: Go Bot <gobot@golang.org>
* archive/zip: fix character device handling in fileModeToUnixMode | Tom Thorogood | 2021-04-03 | 2 | -5/+15
  The switch case for fs.ModeDevice can only be reached for block devices while character devices match fs.ModeDevice | fs.ModeCharDevice. This would cause character devices to wrongly be reported as regular files.

  This bug has existed since the switch was first introduced in CL 5624048.

  Change-Id: Icdbedb015e5376b385b3115d2e4574daa052f796
  Reviewed-on: https://go-review.googlesource.com/c/go/+/300891
  Run-TryBot: Ian Lance Taylor <iant@golang.org>
  TryBot-Result: Go Bot <gobot@golang.org>
  Reviewed-by: Ian Lance Taylor <iant@golang.org>
  Trust: Emmanuel Odeke <emmanuel@orijtech.com>
* archive/zip: fix panic in Reader.Open | Roland Shoemaker | 2021-03-10 | 2 | -1/+36
  When operating on a Zip file that contains a file prefixed with "../", Open(...) would cause a panic in toValidName when attempting to strip the prefixed path components.

  Fixes CVE-2021-27919
  Fixes #44916

  Change-Id: Ic755d8126cb0897e2cbbdacf572439c38dde7b35
  Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1004761
  Reviewed-by: Filippo Valsorda <valsorda@google.com>
  Reviewed-by: Russ Cox <rsc@google.com>
  Reviewed-by: Katie Hockman <katiehockman@google.com>
  Reviewed-on: https://go-review.googlesource.com/c/go/+/300489
  Trust: Katie Hockman <katie@golang.org>
  Run-TryBot: Katie Hockman <katie@golang.org>
  TryBot-Result: Go Bot <gobot@golang.org>
  Reviewed-by: Alexander Rakoczy <alex@golang.org>
  Reviewed-by: Filippo Valsorda <filippo@golang.org>
* all: update to use os.ReadFile, os.WriteFile, os.CreateTemp, os.MkdirTemp | Russ Cox | 2020-12-09 | 2 | -8/+7
  As part of #42026, these helpers from io/ioutil were moved to os. (ioutil.TempFile and TempDir became os.CreateTemp and MkdirTemp.)

  Update the Go tree to use the preferred names.

  As usual, code compiled with the Go 1.4 bootstrap toolchain and code vendored from other sources is excluded.

  ReadDir changes are in a separate CL, because they are not a simple search and replace.

  For #42026.

  Change-Id: If318df0216d57e95ea0c4093b89f65e5b0ababb3
  Reviewed-on: https://go-review.googlesource.com/c/go/+/266365
  Trust: Russ Cox <rsc@golang.org>
  Run-TryBot: Russ Cox <rsc@golang.org>
  TryBot-Result: Go Bot <gobot@golang.org>
  Reviewed-by: Ian Lance Taylor <iant@golang.org>
* archive/zip: fix documentation to mention fs.FS interface | Artyom Pervukhin | 2020-11-07 | 1 | -1/+1
  Fixes #42374

  Change-Id: I0ed1eb052d79bcc65810b74bff48f1e615e1dc1e
  Reviewed-on: https://go-review.googlesource.com/c/go/+/267657
  Reviewed-by: Ian Lance Taylor <iant@golang.org>
  Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
* all: update references to symbols moved from io/ioutil to io | Russ Cox | 2020-10-20 | 4 | -9/+7
  The old ioutil references are still valid, but update our code to reflect best practices and get used to the new locations.

  Code compiled with the bootstrap toolchain (cmd/asm, cmd/dist, cmd/compile, debug/elf) must remain Go 1.4-compatible and is excluded. Also excluded vendored code.

  For #41190.

  Change-Id: I6d86f2bf7bc37a9d904b6cee3fe0c7af6d94d5b1
  Reviewed-on: https://go-review.googlesource.com/c/go/+/263142
  Trust: Russ Cox <rsc@golang.org>
  Run-TryBot: Russ Cox <rsc@golang.org>
  TryBot-Result: Go Bot <gobot@golang.org>
  Reviewed-by: Emmanuel Odeke <emm.odeke@gmail.com>
* archive/zip: make Reader implement fs.FS | Russ Cox | 2020-10-20 | 3 | -0/+203
  Now a zip.Reader (an open zip file) can be passed to code that accepts a file system, such as (soon) template parsing.

  For #41190.

  Change-Id: If51b12e39db3ccc27f643c2453d3300a38035360
  Reviewed-on: https://go-review.googlesource.com/c/go/+/243937
  Trust: Russ Cox <rsc@golang.org>
  Run-TryBot: Russ Cox <rsc@golang.org>
  TryBot-Result: Go Bot <gobot@golang.org>
  Reviewed-by: Rob Pike <r@golang.org>
* all: update references to symbols moved from os to io/fs | Russ Cox | 2020-10-20 | 3 | -46/+47
  The old os references are still valid, but update our code to reflect best practices and get used to the new locations.

  Code compiled with the bootstrap toolchain (cmd/asm, cmd/dist, cmd/compile, debug/elf) must remain Go 1.4-compatible and is excluded.

  For #41190.

  Change-Id: I8f9526977867c10a221e2f392f78d7dec073f1bd
  Reviewed-on: https://go-review.googlesource.com/c/go/+/243907
  Trust: Russ Cox <rsc@golang.org>
  Run-TryBot: Russ Cox <rsc@golang.org>
  TryBot-Result: Go Bot <gobot@golang.org>
  Reviewed-by: Rob Pike <r@golang.org>
* all: base64-encode binaries that will cause Apple notarization to fail
  Author: Andrew, Age: 2019-11-21, Files: 3, Lines: -9/+26

  Starting with macOS 10.15 (Catalina), Apple now requires all software distributed outside of the App Store to be notarized. Any binaries we distribute must abide by a strict set of requirements like code-signing and having a minimum target SDK of 10.9 (amongst others).

  Apple’s notarization service will recursively inspect archives looking to find notarization candidate binaries. If it finds a binary that does not meet the requirements or is unable to decompress an archive, it will reject the entire distribution. From cursory testing, it seems that the service uses content sniffing to determine file types, so changing the file extension will not work.

  There are some binaries and archives included in our distribution that are being detected by Apple’s service as potential candidates for notarization or decompression. As these are files used by tests and some are intentionally invalid, we don’t intend to ever make them compliant. As a workaround for this, we base64-encode any binaries or archives that Apple’s notarization service issues a warning for, as these warnings will become errors in January 2020.

  Updates #34986

  Change-Id: I106fbb6227b61eb221755568f047ee11103c1680
  Reviewed-on: https://go-review.googlesource.com/c/go/+/208118
  Run-TryBot: Andrew Bonventre <andybons@golang.org>
  TryBot-Result: Gobot Gobot <gobot@golang.org>
  Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
* archive/zip: remove unused special case
  Author: Andrew Gerrand, Age: 2019-08-27, Files: 2, Lines: -9/+7

  This removes a special case that was added to fix issue #10956, but that was never actually effective. The code in the test case still fails to read, so perhaps the zip64 support added in CL 6463050 inadvertently caught this particular case.

  It's possible that the original theorized bug still exists, but I'm not convinced it was ever fixed.

  Update #28700

  Change-Id: I4854de616364510f64a6def30b308686563f8dbb
  Reviewed-on: https://go-review.googlesource.com/c/go/+/179757
  Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
  TryBot-Result: Gobot Gobot <gobot@golang.org>
  Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
* all: shorten some tests
  Author: Russ Cox, Age: 2019-05-22, Files: 1, Lines: -3/+2

  Shorten some of the longest tests that run during all.bash. Removes 7r 50u 21s from all.bash.

  After this change, all.bash is under 5 minutes again on my laptop.

  For #26473.

  Change-Id: Ie0460aa935808d65460408feaed210fbaa1d5d79
  Reviewed-on: https://go-review.googlesource.com/c/go/+/177559
  Run-TryBot: Russ Cox <rsc@golang.org>
  TryBot-Result: Gobot Gobot <gobot@golang.org>
  Reviewed-by: Ian Lance Taylor <iant@golang.org>
* archive/zip: use Modified in FileHeader.FileInfo
  Author: Jannis Andrija Schnitzer, Age: 2019-04-08, Files: 2, Lines: -4/+50

  The Modified field allows representation of extended timestamps, which provide more accuracy than the legacy MS-DOS timestamps.

  The FileInfo method provides an implementation of the os.FileInfo interface for files inside archives.

  With this change, we make FileInfo use the Modified field, if present, to return more detailed timestamps from its ModTime method.

  Fixes #28350

  Change-Id: Ia31b5b871a3e61df38a3a1325787ae23ea0b8088
  GitHub-Last-Rev: 13e94be3f8ba58717911354146670fc2bc594692
  GitHub-Pull-Request: golang/go#28352
  Reviewed-on: https://go-review.googlesource.com/c/go/+/144382
  Run-TryBot: Daniel Martí <mvdan@mvdan.cc>
  TryBot-Result: Gobot Gobot <gobot@golang.org>
  Reviewed-by: Joe Tsai <thebrokentoaster@gmail.com>
* archive/zip: fix casting overflow on 32-bit arch
  Author: LE Manh Cuong, Age: 2019-01-07, Files: 1, Lines: -2/+2

  Fixes #29555

  Change-Id: Ia3c0dd65bcf94dea3f6e04c23c1fe5d6d0b2c1e9
  Reviewed-on: https://go-review.googlesource.com/c/156399
  Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
  Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
  TryBot-Result: Gobot Gobot <gobot@golang.org>