Skip to content

Allow ZipFile to accept empty strings as passwords when decrypting AES entries #472

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Jun 19, 2020
Merged

Allow ZipFile to accept empty strings as passwords when decrypting AES entries #472

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
0ee09ac
unit test for reading an AES encrypted entry with an empty password
Numpsy Jun 14, 2020
d0463ea
Allow ZipFile to accept empty strings as passwords when decrypting AE…
Numpsy Jun 14, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 4 additions & 3 deletions src/ICSharpCode.SharpZipLib/Zip/ZipFile.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -367,9 +367,10 @@ public string Password
}
else
{
rawPassword_ = value;
key = PkzipClassic.GenerateKeys(ZipStrings.ConvertToArray(value));
}

rawPassword_ = value;
}
}

Expand Down Expand Up @@ -3612,9 +3613,9 @@ private Stream CreateAndInitDecryptionStream(Stream baseStream, ZipEntry entry)
{
if (entry.Version >= ZipConstants.VERSION_AES)
{
//
// Issue #471 - accept an empty string as a password, but reject null.
OnKeysRequired(entry.Name);
if (HaveKeys == false)
if (rawPassword_ == null)
{
throw new ZipException("No password available for AES encrypted stream");
}
Expand Down
34 changes: 34 additions & 0 deletions test/ICSharpCode.SharpZipLib.Tests/Zip/ZipEncryptionHandling.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -365,6 +365,40 @@ public void ZipFileAesDelete()
}
}

// This is a zip file with one AES encrypted entry, whose password in an empty string.
const string TestFileWithEmptyPassword = @"UEsDBDMACQBjACaj0FAyKbop//////////8EAB8AdGVzdAEAEAA4AAAA
AAAAAFIAAAAAAAAAAZkHAAIAQUUDCABADvo3YqmCtIE+lhw26kjbqkGsLEOk6bVA+FnSpVD4yGP4Mr66Hs14aTtsPUaANX2
Z6qZczEmwoaNQpNBnKl7p9YOG8GSHDfTCUU/AZvT4yGFhUEsHCDIpuilSAAAAAAAAADgAAAAAAAAAUEsBAjMAMwAJAGMAJq
PQUDIpuin//////////wQAHwAAAAAAAAAAAAAAAAAAAHRlc3QBABAAOAAAAAAAAABSAAAAAAAAAAGZBwACAEFFAwgAUEsFBgAAAAABAAEAUQAAAKsAAAAAAA==";

/// <summary>
/// Test reading an AES encrypted entry whose password is an empty string.
/// </summary>
/// <remarks>
/// Test added for https://github.com/icsharpcode/SharpZipLib/issues/471.
/// </remarks>
[Test]
[Category("Zip")]
public void ZipFileAESReadWithEmptyPassword()
{
var fileBytes = Convert.FromBase64String(TestFileWithEmptyPassword);

using (var ms = new MemoryStream(fileBytes))
using (var zipFile = new ZipFile(ms, leaveOpen: true))
{
zipFile.Password = string.Empty;

var entry = zipFile.FindEntry("test", true);

using (var inputStream = zipFile.GetInputStream(entry))
using (var sr = new StreamReader(inputStream, Encoding.UTF8))
{
var content = sr.ReadToEnd();
Assert.That(content, Is.EqualTo("Lorem ipsum dolor sit amet, consectetur adipiscing elit."), "Decompressed content does not match expected data");
}
}
}

private static readonly string[] possible7zPaths = new[] {
// Check in PATH
"7z", "7za",
Expand Down