rubyzip 1.2.0 → 2.3.0

data/lib/zip/crypto/decrypted_io.rb

@@ -0,0 +1,40 @@
+module Zip
+  class DecryptedIo #:nodoc:all
+    CHUNK_SIZE = 32_768
+
+    def initialize(io, decrypter)
+      @io = io
+      @decrypter = decrypter
+    end
+
+    def read(length = nil, outbuf = +'')
+      return (length.nil? || length.zero? ? '' : nil) if eof
+
+      while length.nil? || (buffer.bytesize < length)
+        break if input_finished?
+
+        buffer << produce_input
+      end
+
+      outbuf.replace(buffer.slice!(0...(length || output_buffer.bytesize)))
+    end
+
+    private
+
+    def eof
+      buffer.empty? && input_finished?
+    end
+
+    def buffer
+      @buffer ||= +''
+    end
+
+    def input_finished?
+      @io.eof
+    end
+
+    def produce_input
+      @decrypter.decrypt(@io.read(CHUNK_SIZE))
+    end
+  end
+end

data/lib/zip/crypto/null_encryption.rb

@@ -24,8 +24,7 @@ module Zip
       ''
     end
 
-    def reset!
-    end
+    def reset!; end
   end
 
   class NullDecrypter < Decrypter
@@ -35,8 +34,7 @@ module Zip
       data
     end
 
-    def reset!(_header)
-    end
+    def reset!(_header); end
   end
 end
 

data/lib/zip/crypto/traditional_encryption.rb

@@ -24,8 +24,8 @@ module Zip
       end
     end
 
-    def update_keys(n)
-      @key0 = ~Zlib.crc32(n, ~@key0)
+    def update_keys(num)
+      @key0 = ~Zlib.crc32(num, ~@key0)
       @key1 = ((@key1 + (@key0 & 0xff)) * 134_775_813 + 1) & 0xffffffff
       @key2 = ~Zlib.crc32((@key1 >> 24).chr, ~@key2)
     end
@@ -63,10 +63,10 @@ module Zip
 
     private
 
-    def encode(n)
+    def encode(num)
       t = decrypt_byte
-      update_keys(n.chr)
-      t ^ n
+      update_keys(num.chr)
+      t ^ num
     end
   end
 
@@ -86,10 +86,10 @@ module Zip
 
     private
 
-    def decode(n)
-      n ^= decrypt_byte
-      update_keys(n.chr)
-      n
+    def decode(num)
+      num ^= decrypt_byte
+      update_keys(num.chr)
+      num
     end
   end
 end

data/lib/zip/decompressor.rb

@@ -1,9 +1,27 @@
 module Zip
-  class Decompressor  #:nodoc:all
+  class Decompressor #:nodoc:all
     CHUNK_SIZE = 32_768
-    def initialize(input_stream)
+
+    def self.decompressor_classes
+      @decompressor_classes ||= {}
+    end
+
+    def self.register(compression_method, decompressor_class)
+      decompressor_classes[compression_method] = decompressor_class
+    end
+
+    def self.find_by_compression_method(compression_method)
+      decompressor_classes[compression_method]
+    end
+
+    attr_reader :input_stream
+    attr_reader :decompressed_size
+
+    def initialize(input_stream, decompressed_size = nil)
       super()
+
       @input_stream = input_stream
+      @decompressed_size = decompressed_size
     end
   end
 end

data/lib/zip/dos_time.rb

@@ -19,7 +19,7 @@ module Zip
     end
 
     def to_binary_dos_date
-      (day) +
+      day +
         (month << 5) +
         ((year - 1980) << 9)
     end
@@ -29,13 +29,18 @@ module Zip
       to_i / 2 == other.to_i / 2
     end
 
-    def self.parse_binary_dos_format(binaryDosDate, binaryDosTime)
-      second = 2 * (0b11111 & binaryDosTime)
-      minute = (0b11111100000 & binaryDosTime) >> 5
-      hour   = (0b1111100000000000 & binaryDosTime) >> 11
-      day    = (0b11111 & binaryDosDate)
-      month  = (0b111100000 & binaryDosDate) >> 5
-      year   = ((0b1111111000000000 & binaryDosDate) >> 9) + 1980
+    # Create a DOSTime instance from a vanilla Time instance.
+    def self.from_time(time)
+      local(time.year, time.month, time.day, time.hour, time.min, time.sec)
+    end
+
+    def self.parse_binary_dos_format(bin_dos_date, bin_dos_time)
+      second = 2 * (0b11111 & bin_dos_time)
+      minute = (0b11111100000 & bin_dos_time) >> 5
+      hour   = (0b1111100000000000 & bin_dos_time) >> 11
+      day    = (0b11111 & bin_dos_date)
+      month  = (0b111100000 & bin_dos_date) >> 5
+      year   = ((0b1111111000000000 & bin_dos_date) >> 9) + 1980
       begin
         local(year, month, day, hour, minute, second)
       end

data/lib/zip/entry.rb

@@ -1,3 +1,4 @@
+require 'pathname'
 module Zip
   class Entry
     STORED   = 0
@@ -7,6 +8,7 @@ module Zip
 
     attr_accessor :comment, :compressed_size, :crc, :extra, :compression_method,
                   :name, :size, :local_header_offset, :zipfile, :fstype, :external_file_attributes,
+                  :internal_file_attributes,
                   :gp_flags, :header_signature, :follow_symlinks,
                   :restore_times, :restore_permissions, :restore_ownership,
                   :unix_uid, :unix_gid, :unix_perms,
@@ -32,7 +34,7 @@ module Zip
       end
       @follow_symlinks = false
 
-      @restore_times       = true
+      @restore_times       = false
       @restore_permissions = false
       @restore_ownership   = false
       # BUG: need an extra field to support uid/gid's
@@ -46,6 +48,7 @@ module Zip
 
     def check_name(name)
       return unless name.start_with?('/')
+
       raise ::Zip::EntryNameError, "Illegal ZipEntry name '#{name}', name must not start with /"
     end
 
@@ -67,7 +70,15 @@ module Zip
       @time               = args[8] || ::Zip::DOSTime.now
 
       @ftype = name_is_directory? ? :directory : :file
-      @extra = ::Zip::ExtraField.new(@extra.to_s) unless @extra.is_a?(::Zip::ExtraField)
+      @extra = ::Zip::ExtraField.new(@extra.to_s) unless @extra.kind_of?(::Zip::ExtraField)
+    end
+
+    def encrypted?
+      gp_flags & 1 == 1
+    end
+
+    def incomplete?
+      gp_flags & 8 == 8
     end
 
     def time
@@ -89,16 +100,17 @@ module Zip
         @extra.create('UniversalTime')
       end
       (@extra['UniversalTime'] || @extra['NTFS']).mtime = value
-      @time                         = value
+      @time = value
     end
 
     def file_type_is?(type)
       raise InternalError, "current filetype is unknown: #{inspect}" unless @ftype
+
       @ftype == type
     end
 
     # Dynamic checkers
-    %w(directory file symlink).each do |k|
+    %w[directory file symlink].each do |k|
       define_method "#{k}?" do
         file_type_is?(k.to_sym)
       end
@@ -108,6 +120,18 @@ module Zip
       @name.end_with?('/')
     end
 
+    # Is the name a relative path, free of `..` patterns that could lead to
+    # path traversal attacks? This does NOT handle symlinks; if the path
+    # contains symlinks, this check is NOT enough to guarantee safety.
+    def name_safe?
+      cleanpath = Pathname.new(@name).cleanpath
+      return false unless cleanpath.relative?
+
+      root = ::File::SEPARATOR
+      naive_expanded_path = ::File.join(root, cleanpath.to_s)
+      ::File.absolute_path(cleanpath.to_s, root) == naive_expanded_path
+    end
+
     def local_entry_offset #:nodoc:all
       local_header_offset + @local_header_size
     end
@@ -132,6 +156,7 @@ module Zip
     # that we didn't change the header size (and thus clobber file data or something)
     def verify_local_header_size!
       return if @local_header_size.nil?
+
       new_size = calculate_local_header_size
       raise Error, "local header size changed (#{@local_header_size} -> #{new_size})" if @local_header_size != new_size
     end
@@ -146,15 +171,20 @@ module Zip
     end
 
     # Extracts entry to file dest_path (defaults to @name).
-    def extract(dest_path = @name, &block)
+    # NB: The caller is responsible for making sure dest_path is safe, if it
+    # is passed.
+    def extract(dest_path = nil, &block)
+      if dest_path.nil? && !name_safe?
+        warn "WARNING: skipped '#{@name}' as unsafe."
+        return self
+      end
+
+      dest_path ||= @name
       block ||= proc { ::Zip.on_exists_proc }
 
-      if directory? || file? || symlink?
-        __send__("create_#{@ftype}", dest_path, &block)
-      else
-        raise "unknown file type #{inspect}"
-      end
+      raise "unknown file type #{inspect}" unless directory? || file? || symlink?
 
+      __send__("create_#{@ftype}", dest_path, &block)
       self
     end
 
@@ -164,15 +194,15 @@ module Zip
 
     class << self
       def read_zip_short(io) # :nodoc:
-        io.read(2).unpack('v')[0]
+        io.read(2).unpack1('v')
       end
 
       def read_zip_long(io) # :nodoc:
-        io.read(4).unpack('V')[0]
+        io.read(4).unpack1('V')
       end
 
       def read_zip_64_long(io) # :nodoc:
-        io.read(8).unpack('Q<')[0]
+        io.read(8).unpack1('Q<')
       end
 
       def read_c_dir_entry(io) #:nodoc:all
@@ -197,8 +227,6 @@ module Zip
       end
     end
 
-    public
-
     def unpack_local_entry(buf)
       @header_signature,
         @version,
@@ -228,22 +256,27 @@ module Zip
       unless @header_signature == ::Zip::LOCAL_ENTRY_SIGNATURE
         raise ::Zip::Error, "Zip local header magic not found at location '#{local_header_offset}'"
       end
+
       set_time(@last_mod_date, @last_mod_time)
 
       @name = io.read(@name_length)
       extra = io.read(@extra_length)
 
-      @name.gsub!('\\', '/')
+      @name.tr!('\\', '/')
+      if ::Zip.force_entry_names_encoding
+        @name.force_encoding(::Zip.force_entry_names_encoding)
+      end
 
       if extra && extra.bytesize != @extra_length
         raise ::Zip::Error, 'Truncated local zip entry header'
+      end
+
+      if @extra.kind_of?(::Zip::ExtraField)
+        @extra.merge(extra) if extra
       else
-        if @extra.is_a?(::Zip::ExtraField)
-          @extra.merge(extra) if extra
-        else
-          @extra = ::Zip::ExtraField.new(extra)
-        end
+        @extra = ::Zip::ExtraField.new(extra)
       end
+
       parse_zip64_extra(true)
       @local_header_size = calculate_local_header_size
     end
@@ -252,13 +285,13 @@ module Zip
       zip64 = @extra['Zip64']
       [::Zip::LOCAL_ENTRY_SIGNATURE,
        @version_needed_to_extract, # version needed to extract
-       @gp_flags, # @gp_flags                  ,
+       @gp_flags, # @gp_flags
        @compression_method,
-       @time.to_binary_dos_time, # @last_mod_time              ,
-       @time.to_binary_dos_date, # @last_mod_date              ,
+       @time.to_binary_dos_time, # @last_mod_time
+       @time.to_binary_dos_date, # @last_mod_date
        @crc,
-       (zip64 && zip64.compressed_size) ? 0xFFFFFFFF : @compressed_size,
-       (zip64 && zip64.original_size) ? 0xFFFFFFFF : @size,
+       zip64 && zip64.compressed_size ? 0xFFFFFFFF : @compressed_size,
+       zip64 && zip64.original_size ? 0xFFFFFFFF : @size,
        name_size,
        @extra ? @extra.local_size : 0].pack('VvvvvvVVVvv')
     end
@@ -302,7 +335,7 @@ module Zip
     def set_ftype_from_c_dir_entry
       @ftype = case @fstype
                when ::Zip::FSTYPE_UNIX
-                 @unix_perms = (@external_file_attributes >> 16) & 07777
+                 @unix_perms = (@external_file_attributes >> 16) & 0o7777
                  case (@external_file_attributes >> 28)
                  when ::Zip::FILE_TYPE_DIR
                    :directory
@@ -330,21 +363,24 @@ module Zip
 
     def check_c_dir_entry_static_header_length(buf)
       return if buf.bytesize == ::Zip::CDIR_ENTRY_STATIC_HEADER_LENGTH
+
       raise Error, 'Premature end of file. Not enough data for zip cdir entry header'
     end
 
     def check_c_dir_entry_signature
       return if header_signature == ::Zip::CENTRAL_DIRECTORY_ENTRY_SIGNATURE
+
       raise Error, "Zip local header magic not found at location '#{local_header_offset}'"
     end
 
     def check_c_dir_entry_comment_size
       return if @comment && @comment.bytesize == @comment_length
+
       raise ::Zip::Error, 'Truncated cdir zip entry header'
     end
 
     def read_c_dir_extra_field(io)
-      if @extra.is_a?(::Zip::ExtraField)
+      if @extra.kind_of?(::Zip::ExtraField)
         @extra.merge(io.read(@extra_length))
       else
         @extra = ::Zip::ExtraField.new(io.read(@extra_length))
@@ -357,7 +393,10 @@ module Zip
       unpack_c_dir_entry(static_sized_fields_buf)
       check_c_dir_entry_signature
       set_time(@last_mod_date, @last_mod_time)
-      @name = io.read(@name_length).tr('\\', '/')
+      @name = io.read(@name_length)
+      if ::Zip.force_entry_names_encoding
+        @name.force_encoding(::Zip.force_entry_names_encoding)
+      end
       read_c_dir_extra_field(io)
       @comment = io.read(@comment_length)
       check_c_dir_entry_comment_size
@@ -375,20 +414,25 @@ module Zip
 
     def get_extra_attributes_from_path(path) # :nodoc:
       return if Zip::RUNNING_ON_WINDOWS
+
       stat        = file_stat(path)
       @unix_uid   = stat.uid
       @unix_gid   = stat.gid
-      @unix_perms = stat.mode & 07777
+      @unix_perms = stat.mode & 0o7777
+      @time = ::Zip::DOSTime.from_time(stat.mtime)
     end
 
-    def set_unix_permissions_on_path(dest_path)
-      # BUG: does not update timestamps into account
+    def set_unix_attributes_on_path(dest_path)
       # ignore setuid/setgid bits by default.  honor if @restore_ownership
-      unix_perms_mask = 01777
-      unix_perms_mask = 07777 if @restore_ownership
+      unix_perms_mask = 0o1777
+      unix_perms_mask = 0o7777 if @restore_ownership
       ::FileUtils.chmod(@unix_perms & unix_perms_mask, dest_path) if @restore_permissions && @unix_perms
       ::FileUtils.chown(@unix_uid, @unix_gid, dest_path) if @restore_ownership && @unix_uid && @unix_gid && ::Process.egid == 0
-      # File::utimes()
+
+      # Restore the timestamp on a file. This will either have come from the
+      # original source file that was copied into the archive, or from the
+      # creation date of the archive if there was no original source file.
+      ::FileUtils.touch(dest_path, mtime: time) if @restore_times
     end
 
     def set_extra_attributes_on_path(dest_path) # :nodoc:
@@ -396,7 +440,7 @@ module Zip
 
       case @fstype
       when ::Zip::FSTYPE_UNIX
-        set_unix_permissions_on_path(dest_path)
+        set_unix_attributes_on_path(dest_path)
       end
     end
 
@@ -406,21 +450,21 @@ module Zip
         @header_signature,
         @version, # version of encoding software
         @fstype, # filesystem type
-        @version_needed_to_extract, # @versionNeededToExtract           ,
-        @gp_flags, # @gp_flags                          ,
+        @version_needed_to_extract, # @versionNeededToExtract
+        @gp_flags, # @gp_flags
         @compression_method,
-        @time.to_binary_dos_time, # @last_mod_time                      ,
-        @time.to_binary_dos_date, # @last_mod_date                      ,
+        @time.to_binary_dos_time, # @last_mod_time
+        @time.to_binary_dos_date, # @last_mod_date
         @crc,
-        (zip64 && zip64.compressed_size) ? 0xFFFFFFFF : @compressed_size,
-        (zip64 && zip64.original_size) ? 0xFFFFFFFF : @size,
+        zip64 && zip64.compressed_size ? 0xFFFFFFFF : @compressed_size,
+        zip64 && zip64.original_size ? 0xFFFFFFFF : @size,
         name_size,
         @extra ? @extra.c_dir_size : 0,
         comment_size,
-        (zip64 && zip64.disk_start_number) ? 0xFFFF : 0, # disk number start
+        zip64 && zip64.disk_start_number ? 0xFFFF : 0, # disk number start
         @internal_file_attributes, # file type (binary=0, text=1)
         @external_file_attributes, # native filesystem attributes
-        (zip64 && zip64.relative_header_offset) ? 0xFFFFFFFF : @local_header_offset,
+        zip64 && zip64.relative_header_offset ? 0xFFFFFFFF : @local_header_offset,
         @name,
         @extra,
         @comment
@@ -433,18 +477,18 @@ module Zip
       when ::Zip::FSTYPE_UNIX
         ft = case @ftype
              when :file
-               @unix_perms ||= 0644
+               @unix_perms ||= 0o644
                ::Zip::FILE_TYPE_FILE
              when :directory
-               @unix_perms ||= 0755
+               @unix_perms ||= 0o755
                ::Zip::FILE_TYPE_DIR
              when :symlink
-               @unix_perms ||= 0755
+               @unix_perms ||= 0o755
                ::Zip::FILE_TYPE_SYMLINK
              end
 
         unless ft.nil?
-          @external_file_attributes = (ft << 12 | (@unix_perms & 07777)) << 16
+          @external_file_attributes = (ft << 12 | (@unix_perms & 0o7777)) << 16
         end
       end
 
@@ -457,8 +501,9 @@ module Zip
 
     def ==(other)
       return false unless other.class == self.class
+
       # Compares contents of local entry and exposed fields
-      keys_equal = %w(compression_method crc compressed_size size name extra filepath).all? do |k|
+      keys_equal = %w[compression_method crc compressed_size size name extra filepath].all? do |k|
         other.__send__(k.to_sym) == __send__(k.to_sym)
       end
       keys_equal && time.dos_equals(other.time)
@@ -488,7 +533,7 @@ module Zip
         end
       else
         zis = ::Zip::InputStream.new(@zipfile, local_header_offset)
-        zis.instance_variable_set(:@internal, true)
+        zis.instance_variable_set(:@complete_entry, self)
         zis.get_next_entry
         if block_given?
           begin
@@ -564,7 +609,7 @@ module Zip
     def set_time(binary_dos_date, binary_dos_time)
       @time = ::Zip::DOSTime.parse_binary_dos_format(binary_dos_date, binary_dos_time)
     rescue ArgumentError
-      warn 'Invalid date/time in zip entry' if ::Zip.warn_invalid_date
+      warn 'WARNING: invalid date/time in zip entry.' if ::Zip.warn_invalid_date
     end
 
     def create_file(dest_path, _continue_on_exists_proc = proc { Zip.continue_on_exists_proc })
@@ -574,18 +619,29 @@ module Zip
       end
       ::File.open(dest_path, 'wb') do |os|
         get_input_stream do |is|
-          set_extra_attributes_on_path(dest_path)
-
-          buf = ''
+          bytes_written = 0
+          warned = false
+          buf = +''
           while (buf = is.sysread(::Zip::Decompressor::CHUNK_SIZE, buf))
             os << buf
+            bytes_written += buf.bytesize
+            next unless bytes_written > size && !warned
+
+            message = "entry '#{name}' should be #{size}B, but is larger when inflated."
+            raise ::Zip::EntrySizeError, message if ::Zip.validate_entry_sizes
+
+            warn "WARNING: #{message}"
+            warned = true
           end
         end
       end
+
+      set_extra_attributes_on_path(dest_path)
     end
 
     def create_directory(dest_path)
       return if ::File.directory?(dest_path)
+
       if ::File.exist?(dest_path)
         if block_given? && yield(self, dest_path)
           ::FileUtils.rm_f dest_path
@@ -601,38 +657,16 @@ module Zip
 
     # BUG: create_symlink() does not use &block
     def create_symlink(dest_path)
-      stat = nil
-      begin
-        stat = ::File.lstat(dest_path)
-      rescue Errno::ENOENT
-      end
-
-      io     = get_input_stream
-      linkto = io.read
-
-      if stat
-        if stat.symlink?
-          if ::File.readlink(dest_path) == linkto
-            return
-          else
-            raise ::Zip::DestinationFileExistsError,
-                  "Cannot create symlink '#{dest_path}'. " \
-                      'A symlink already exists with that name'
-          end
-        else
-          raise ::Zip::DestinationFileExistsError,
-                "Cannot create symlink '#{dest_path}'. " \
-                    'A file already exists with that name'
-        end
-      end
-
-      ::File.symlink(linkto, dest_path)
+      # TODO: Symlinks pose security challenges. Symlink support temporarily
+      # removed in view of https://github.com/rubyzip/rubyzip/issues/369 .
+      warn "WARNING: skipped symlink '#{dest_path}'."
     end
 
     # apply missing data from the zip64 extra information field, if present
     # (required when file sizes exceed 2**32, but can be used for all files)
     def parse_zip64_extra(for_local_header) #:nodoc:all
       return if @extra['Zip64'].nil?
+
       if for_local_header
         @size, @compressed_size = @extra['Zip64'].parse(@size, @compressed_size)
       else
@@ -647,6 +681,7 @@ module Zip
     # create a zip64 extra information field if we need one
     def prep_zip64_extra(for_local_header) #:nodoc:all
       return unless ::Zip.write_zip64_support
+
       need_zip64 = @size >= 0xFFFFFFFF || @compressed_size >= 0xFFFFFFFF
       need_zip64 ||= @local_header_offset >= 0xFFFFFFFF unless for_local_header
       if need_zip64