RFR: 8313765: Invalid CEN header (invalid zip64 extra data field size)
Lance Andersen
lancea at openjdk.org
Mon Aug 14 16:11:01 UTC 2023
This PR updates the extra field validation added as part of [JDK-8302483](https://bugs.openjdk.org/browse/JDK-8302483) to deal with issues seen with 3rd party tools/libraries where a ZipException may be encountered when opening select APK, ZIP or JAR files. Please refer to the links provided at the end of the description for more information:
> ZipException: Invalid CEN header (invalid zip64 extra data field size)
1. Extra field includes padding:
----------------#1--------------------
[Central Directory Header]
0x3374: Signature : 0x02014b50
0x3378: Created Zip Spec : 0xa [1.0]
0x3379: Created OS : 0x0 [MS-DOS]
0x337a: VerMadeby : 0xa [0, 1.0]
0x337b: VerExtract : 0xa [1.0]
0x337c: Flag : 0x800
0x337e: Method : 0x0 [STORED]
0x3380: Last Mod Time : 0x385ca437 [Thu Feb 28 20:33:46 EST 2008]
0x3384: CRC : 0x694c6952
0x3388: Compressed Size : 0x624
0x338c: Uncompressed Size: 0x624
0x3390: Name Length : 0x1b
0x3392: Extra Length : 0x7
[tag=0xcafe, sz=0, data= ]
->[tag=cafe, size=0]
0x3394: Comment Length : 0x0
0x3396: Disk Start : 0x0
0x3398: Attrs : 0x0
0x339a: AttrsEx : 0x0
0x339e: Loc Header Offset: 0x0
0x33a2: File Name : res/drawable/size_48x48.jpg
The extra field tag of `0xcafe` has its data size set to `0`, and the extra length is `7`. It is expected that you can use the tag's data size to traverse the extra fields.
2. The [BND tool](https://github.com/bndtools/bnd) added [problematic data to the extra field](https://issues.apache.org/jira/browse/FELIX-6622):
----------------#359--------------------
[Central Directory Header]
0x600b4: Signature : 0x02014b50
0x600b8: Created Zip Spec : 0x14 [2.0]
0x600b9: Created OS : 0x0 [MS-DOS]
0x600ba: VerMadeby : 0x14 [0, 2.0]
0x600bb: VerExtract : 0x14 [2.0]
0x600bc: Flag : 0x808
0x600be: Method : 0x8 [DEFLATED]
0x600c0: Last Mod Time : 0x2e418983 [Sat Feb 01 17:12:06 EST 2003]
0x600c4: CRC : 0xd8f689cb
0x600c8: Compressed Size : 0x23e
0x600cc: Uncompressed Size: 0x392
0x600d0: Name Length : 0x20
0x600d2: Extra Length : 0x8
[tag=0xbfef, sz=61373, data=
0x600d4: Comment Length : 0x0
0x600d6: Disk Start : 0x0
0x600d8: Attrs : 0x0
0x600da: AttrsEx : 0x0
0x600de: Loc Header Offset: 0x4f2fe
0x600e2: File Name : net/n3/nanoxml/CDATAReader.class
In the above example, the extra length is `0x8` and the tag size is `61373` which exceeds the extra length.
zip -T would also report an error:
> zip -T foo.jar
> net/n3/nanoxml/CDATAReader.class bad extra-field entry:
> EF block length (61373 bytes) exceeds remaining EF data (4 bytes)
> test of foo.jar FAILED
3. Some releases of Ant and commons-compress create CEN Zip64 extra headers with a size of 0 when Zip64 mode is required:
----------------#63--------------------
[Central Directory Header]
0x2fded9: Signature : 0x02014b50
0x2fdedd: Created Zip Spec : 0x2d [4.5]
0x2fdede: Created OS : 0x3 [UNIX]
0x2fdedf: VerMadeby : 0x32d [3, 4.5]
0x2fdee0: VerExtract : 0x2d [4.5]
0x2fdee1: Flag : 0x800
0x2fdee3: Method : 0x8 [DEFLATED]
0x2fdee5: Last Mod Time : 0x43516617 [Thu Oct 17 12:48:46 EDT 2013]
0x2fdee9: CRC : 0x0
0x2fdeed: Compressed Size : 0x2
0x2fdef1: Uncompressed Size: 0x0
0x2fdef5: Name Length : 0x22
0x2fdef7: Extra Length : 0x4
[tag=0x0001, sz=0, data= ]
->ZIP64:
0x2fdef9: Comment Length : 0x0
0x2fdefb: Disk Start : 0x0
0x2fdefd: Attrs : 0x0
0x2fdeff: AttrsEx : 0x81a40000
0x2fdf03: Loc Header Offset: 0x1440
0x2fdf07: File Name : .xdk_version_12.1.0.2.0_production
[Local File Header]
0x1440: Signature : 0x04034b50
0x1444: Version : 0x2d [4.5]
0x1446: Flag : 0x800
0x1448: Method : 0x8 [DEFLATED]
0x144a: LastMTime : 0x43516617 [Thu Oct 17 12:48:46 EDT 2013]
0x144e: CRC : 0x0
0x1452: CSize : 0xffffffff
0x1456: Size : 0xffffffff
0x145a: Name Length : 0x22 [.xdk_version_12.1.0.2.0_production]
0x145c: ExtraLength : 0x14
[tag=0x0001, sz=16, data= 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 ]
->ZIP64: size *0x0 csize *0x2 *0x2d04034b500003
0x145e: File Name : [.xdk_version_12.1.0.2.0_production]
Notice the CEN Extra length differs for the same tag in the LOC.
As we are validating the Zip64 extra fields, we are not expecting the data size to be 0.
Mach5 tiers 1-6 and the relevant JCK tests continue to pass with the above changes.
The following 3rd party tools have (or have pending) fixes to address the issues highlighted above:
- Apache Commons-compress fix for [Empty CEN Zip64 Extra Headers](https://github.com/apache/commons-compress/pull/10) fixed in [Commons-compress 1.11](https://commons.apache.org/proper/commons-compress/changes-report.html#a1.11) (2016)
- Ant fix for [Empty CEN Zip64 Extra Headers](https://bz.apache.org/bugzilla/show_bug.cgi?id=66873), in process, will be available in Ant 1.10.14 once it goes GA.
- BND issue with writing invalid [Extra Headers](https://issues.apache.org/jira/browse/FELIX-6622) is fixed in [BND 5.3](https://github.com/bndtools/bnd/issues/4507) (2021)
- The [maven-bundle-plugin 5.1.5](https://felix.apache.org/documentation/_attachments/components/bundle-plugin/index.html) includes the BND 5.3 patch.
-------------
Commit messages:
- Minor comment word smithing
- Fix for JDK-8313765
Changes: https://git.openjdk.org/jdk/pull/15273/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=15273&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8313765
Stats: 696 lines in 4 files changed: 676 ins; 4 del; 16 mod
Patch: https://git.openjdk.org/jdk/pull/15273.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/15273/head:pull/15273
PR: https://git.openjdk.org/jdk/pull/15273
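
The three extra-field conditions shown in the dumps above, as an added example that is not part of the original message or of the JDK change: a small Python walker that reads tag/size blocks from an extra field and labels trailing padding, a size overrun, and an empty Zip64 block. The sample byte strings are constructed to match the lengths in the dumps; the padding and payload bytes, the function name and the finding labels are assumptions.

```python
import struct

ZIP64_TAG = 0x0001   # Zip64 extended information header ID
HEADER_LEN = 4       # 2-byte tag + 2-byte data size, little-endian

# Constructed samples sized like the dumps (padding/payload bytes are made up).
PADDED = struct.pack("<HH", 0xCAFE, 0) + b"\x00" * 3        # extra length 7
OVERRUN = struct.pack("<HH", 0xBFEF, 61373) + b"\x00" * 4   # extra length 8
EMPTY_ZIP64 = struct.pack("<HH", ZIP64_TAG, 0)              # extra length 4
LOC_ZIP64 = struct.pack("<HHQQ", ZIP64_TAG, 16, 0, 2)       # LOC block, length 0x14


def walk_extra(extra: bytes):
    """Walk tag/size blocks; return (blocks read, anomaly labels)."""
    blocks, findings = [], []
    off = 0
    while off < len(extra):
        remaining = len(extra) - off
        if remaining < HEADER_LEN:
            # Case 1: leftover bytes too short to hold another block header.
            findings.append(f"trailing-padding:{remaining}")
            break
        tag, size = struct.unpack_from("<HH", extra, off)
        off += HEADER_LEN
        blocks.append((tag, size))
        left = len(extra) - off
        if size > left:
            # Case 2: declared data size runs past the end of the extra field.
            findings.append(f"size-overrun:tag=0x{tag:04x},size={size},left={left}")
            break
        if tag == ZIP64_TAG and size == 0:
            # Case 3: Zip64 block present but carrying no data.
            findings.append("empty-zip64")
        off += size
    return blocks, findings


if __name__ == "__main__":
    for name in ("PADDED", "OVERRUN", "EMPTY_ZIP64", "LOC_ZIP64"):
        print(name, walk_extra(globals()[name]))
```
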