From 9137c6be26375d9d0426aa55f581eda1e4527aa3 Mon Sep 17 00:00:00 2001 From: Richard Webb Date: Mon, 1 Apr 2019 22:45:11 +0100 Subject: [PATCH 1/3] Change ZipInputStream to use its own IsEntryCompressionMethodSupported function rather than the one in ZipEntry. --- .../Zip/ZipInputStream.cs | 20 +++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/src/ICSharpCode.SharpZipLib/Zip/ZipInputStream.cs b/src/ICSharpCode.SharpZipLib/Zip/ZipInputStream.cs index b9c8d8c35..6c210931f 100644 --- a/src/ICSharpCode.SharpZipLib/Zip/ZipInputStream.cs +++ b/src/ICSharpCode.SharpZipLib/Zip/ZipInputStream.cs @@ -131,10 +131,26 @@ public bool CanDecompressEntry { get { - return (entry != null) && entry.CanDecompress; + return (entry != null) && IsEntryCompressionMethodSupported(entry) && entry.CanDecompress; } } + /// + /// Is the compression method for the specified entry supported? + /// + /// + /// Uses entry.CompressionMethodForHeader so that entries of type WinZipAES will be rejected. + /// + /// the entry to check. + /// true if the compression methiod is supported, false if not. + private static bool IsEntryCompressionMethodSupported(ZipEntry entry) + { + var entryCompressionMethod = entry.CompressionMethodForHeader; + + return entryCompressionMethod == CompressionMethod.Deflated || + entryCompressionMethod == CompressionMethod.Stored; + } + /// /// Advances to the next entry in the archive /// @@ -271,7 +287,7 @@ public ZipEntry GetNextEntry() } // Determine how to handle reading of data if this is attempted. - if (entry.IsCompressionMethodSupported()) + if (IsEntryCompressionMethodSupported(entry)) { internalReader = new ReadDataHandler(InitialRead); } From c7d21c5027a11c8aef0a23d47408500f3dc4a8e8 Mon Sep 17 00:00:00 2001 From: Richard Webb Date: Wed, 19 Jun 2019 22:44:28 +0100 Subject: [PATCH 2/3] Unit test for ZipInputStream.CanDecompressEntry being false for AES encrypted entries. --- .../Zip/ZipEncryptionHandling.cs | 34 +++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/test/ICSharpCode.SharpZipLib.Tests/Zip/ZipEncryptionHandling.cs b/test/ICSharpCode.SharpZipLib.Tests/Zip/ZipEncryptionHandling.cs index f9c988df1..bbec4ffef 100644 --- a/test/ICSharpCode.SharpZipLib.Tests/Zip/ZipEncryptionHandling.cs +++ b/test/ICSharpCode.SharpZipLib.Tests/Zip/ZipEncryptionHandling.cs @@ -399,6 +399,40 @@ public void ZipFileAESReadWithEmptyPassword() } } + /// + /// ZipInputStream can't decrypt AES encrypted entries, but it should repot that to the caller + /// rather than just failing. + /// + [Test] + [Category("Zip")] + public void ZipinputStreamShouldGracefullyFailWithAESStreams() + { + string password = "password"; + + using (var memoryStream = new MemoryStream()) + { + // Try to create a zip stream + WriteEncryptedZipToStream(memoryStream, password, 256); + + // reset + memoryStream.Seek(0, SeekOrigin.Begin); + + // Try to read + using (var inputStream = new ZipInputStream(memoryStream)) + { + inputStream.Password = password; + var entry = inputStream.GetNextEntry(); + Assert.That(entry.AESKeySize, Is.EqualTo(256), "Test entry should be AES256 encrypted."); + + // CanDecompressEntry should be false. + Assert.That(inputStream.CanDecompressEntry, Is.False, "CanDecompressEntry should be false for AES encrypted entries"); + + // Should throw on read. + Assert.Throws(() => inputStream.ReadByte()); + } + } + } + private static readonly string[] possible7zPaths = new[] { // Check in PATH "7z", "7za", From fb8fe8c103d49146d7fa7cafc1e17660a8d6b400 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?nils=20m=C3=A5s=C3=A9n?= Date: Sat, 15 Aug 2020 13:22:27 +0200 Subject: [PATCH 3/3] Fix comment typo --- test/ICSharpCode.SharpZipLib.Tests/Zip/ZipEncryptionHandling.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/ICSharpCode.SharpZipLib.Tests/Zip/ZipEncryptionHandling.cs b/test/ICSharpCode.SharpZipLib.Tests/Zip/ZipEncryptionHandling.cs index bbec4ffef..938c062fe 100644 --- a/test/ICSharpCode.SharpZipLib.Tests/Zip/ZipEncryptionHandling.cs +++ b/test/ICSharpCode.SharpZipLib.Tests/Zip/ZipEncryptionHandling.cs @@ -400,7 +400,7 @@ public void ZipFileAESReadWithEmptyPassword() } /// - /// ZipInputStream can't decrypt AES encrypted entries, but it should repot that to the caller + /// ZipInputStream can't decrypt AES encrypted entries, but it should report that to the caller /// rather than just failing. /// [Test]