From: Pat Thoyts <patthoyts@users.sourceforge.net>
Date: Wed, 21 Jan 2009 23:39:12 +0000 (+0000)
Subject: [Bug 2256740] handle nested zip files robustly by ensuring we seek to the outermost... 
X-Git-Url: http://www.privyetmir.co.uk/gitweb?a=commitdiff_plain;h=fbe2d30ee135b5f63f48b68f03fa9e9f970915c0;p=tclvfs

[Bug 2256740] handle nested zip files robustly by ensuring we seek to the outermost directory marker.
---

diff --git a/ChangeLog b/ChangeLog
index 3bbf1c4..8bfb418 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2009-01-21  Andreas Kupries  <andreask@activestate.com>
+
+	* pkgIndex.tcl.in: Incremented version of vfs::zip
+	* library/zipvfs.tcl (zip::EndOfArchive): Fixed Schelte Bron's
+	[Bug 2256740]. Trigger on outermost magic sequence, not an inner
+	sequence from a n uncompressed zip archive stored in the zip.
+
 2008-12-22  Pat Thoyts  <patthoyts@users.sourceforge.net>
 
 	* library/mk4vfs.tcl: Fix vfs::ztream to support 8.6 core zlib
diff --git a/library/zipvfs.tcl b/library/zipvfs.tcl
index 669bf44..14c3ab6 100644
--- a/library/zipvfs.tcl
+++ b/library/zipvfs.tcl
@@ -1,6 +1,6 @@
 # Removed provision of the backward compatible name. Moved to separate
 # file/package.
-package provide vfs::zip 1.0.2
+package provide vfs::zip 1.0.3
 
 package require vfs
 
@@ -380,7 +380,13 @@ proc zip::EndOfArchive {fd arr} {
 
 	seek $fd $n end
 	set hdr [read $fd $len]
-	set pos [string first "PK\05\06" $hdr]
+
+	# We are using 'string last' as we are searching the first
+	# from the end, which is the last from the beginning. See [SF
+	# Bug 2256740]. A zip archive stored in a zip archive can
+	# confuse the unmodified code, triggering on the magic
+	# sequence for the inner, uncompressed archive.
+	set pos [string last "PK\05\06" $hdr]
 	if {$pos == -1} {
 	    if {$at >= $sz} {
 		return -code error "no header found"
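Review bot: The `set pos [string last "PK\05\06" $hdr]` line accepts a candidate on the four magic bytes alone, so it can now land inside the archive's trailing comment field, whose content is chosen by whoever built the archive and which sits after the real end-of-central-directory record. Before trusting `$pos`, the record's own comment-length field should be checked against the remaining data, e.g. `binary scan [string range $hdr [expr {$pos+20}] [expr {$pos+21}]] s clen` followed by `if {$pos + 22 + ($clen & 0xffff) != [string length $hdr]} { ... }`, and on a mismatch the search should continue with the previous occurrence rather than parsing the record. That comparison assumes `$hdr` extends to the end of the file; `n` and `len` are set above the hunk, so this needs confirming against the rest of `zip::EndOfArchive`, whose body starts and ends outside the hunk. The new comment would also be worth extending with one sentence noting that the match is a heuristic until the record is validated.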
diff --git a/pkgIndex.tcl.in b/pkgIndex.tcl.in
index cf7c4d3..39f6a87 100644
--- a/pkgIndex.tcl.in
+++ b/pkgIndex.tcl.in
@@ -35,7 +35,7 @@ package ifneeded vfslib     1.4   [list source [file join $dir vfslib.tcl]]
 
 # New, for the old, keep version numbers synchronized.
 package ifneeded vfs::mk4     1.10.1 [list source [file join $dir mk4vfs.tcl]]
-package ifneeded vfs::zip     1.0.2  [list source [file join $dir zipvfs.tcl]]
+package ifneeded vfs::zip     1.0.3  [list source [file join $dir zipvfs.tcl]]
 
 # New
 package ifneeded vfs::ftp     1.0 [list source [file join $dir ftpvfs.tcl]]