RFR: 8314891: Additional Zip64 extra header validation [v8]
Marco N.
duke at openjdk.org
Mon May 13 15:15:18 UTC 2024
On Wed, 8 Nov 2023 17:27:19 GMT, Lance Andersen <lancea at openjdk.org> wrote:
>> @LanceAndersen
>>
>> I noticed that this PR did not update `ZipInputStream.readLOC` to perform consistency validation between expected and actual extra field size and values. Any particular reason why processing of LOC headers was not made consistent with CEN?
>
>> @LanceAndersen
>>
>> I noticed that this PR did not update `ZipInputStream.readLOC` to perform consistency validation between expected and actual extra field size and values. Any particular reason why processing of LOC headers was not made consistent with CEN?
>
> Intentional, as this was a follow on to the updates which were done previously to the CEN work in August, this is follow on cleanup.
>
> Updates to ZipInputStream would be done separately under a separate PR or could be done via your work on 8303866
Hey @LanceAndersen,
It was a common practice in obfuscation, to create zips with invalid headers. This change leads to a behavioral change that affects existing work processes. Would it be possible to add an system property to restore the old behavior?
-------------
PR Comment: https://git.openjdk.org/jdk/pull/15650#issuecomment-2107932136
More information about the core-libs-dev
mailing list