File: DataDescriptorSignatureMissing.java

/*
 * Copyright 2012 Google, Inc.  All Rights Reserved.
 * Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

/**
 * @test
 * @bug 8056934
 * @summary Verify the ability to read zip files whose local header
 * data descriptor is missing the optional signature
 * <p>
 * No way to adapt the technique in this test to get a ZIP64 zip file
 * without data descriptors was found.
 * @run junit DataDescriptorSignatureMissing
 */


import org.junit.jupiter.api.Test;

import java.io.*;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.StandardCharsets;
import java.util.zip.*;

import static org.junit.jupiter.api.Assertions.*;

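public class DataDescriptorSignatureMissing {

    /**
     * Verify that ZipInputStream correctly parses a ZIP with a Data Descriptor without
     * the recommended but optional signature.
     *
     * Besides the name and content of both entries, the test checks that no further
     * entry is reported, so a reader that loses its position after the shortened
     * descriptor cannot pass by accident.
     *
     * @throws IOException if the ZIP cannot be produced or read
     */
    @Test
    public void shouldParseSignaturelessDescriptor() throws IOException {
        // The ZIP with a signature-less descriptor
        byte[] zip = makeZipWithSignaturelessDescriptor();

        // ZipInputStream should read the signature-less data descriptor
        try (ZipInputStream in = new ZipInputStream(
                new ByteArrayInputStream(zip))) {
            ZipEntry first = in.getNextEntry();
            assertNotNull(first, "Zip file is unexpectedly missing first entry");
            assertEquals("first", first.getName());
            assertArrayEquals("first".getBytes(StandardCharsets.UTF_8), in.readAllBytes());

            // Reaching the second entry requires the reader to have consumed exactly
            // the 12 bytes of the signature-less descriptor of the first entry
            ZipEntry second = in.getNextEntry();
            assertNotNull(second, "Zip file is unexpectedly missing second entry");
            assertEquals("second", second.getName());
            assertArrayEquals("second".getBytes(StandardCharsets.UTF_8), in.readAllBytes());

            // Only two entries were written; anything else means the stream was misparsed
            assertNull(in.getNextEntry(), "Zip file has an unexpected third entry");
        }

    }

    /**
     * The 'Data descriptor' record is used to facilitate ZIP streaming. If the size of an
     * entry is unknown at the time the LOC header is written, bit 3 of the General Purpose Bit Flag
     * is set, and the File data is immediately followed by the 'Data descriptor' record. This record
     * then contains the compressed and uncompressed sizes of the entry and also the CRC value.
     *
     * The 'Data descriptor' record is usually preceded by the recommended, but optional
     * signature value 0x08074b50. "Signature" here means this fixed 4-byte marker; it is
     * not a cryptographic signature and provides no integrity protection.
     *
     * A ZIP entry in streaming mode has the following structure:
     *
     *  ------  Local File Header  ------
     *  000000  signature          0x04034b50
     *  000004  version            20
     *  000006  flags              0x0808   # Notice bit 3 is set
     *  [..] Omitted for brevity
     *
     *  ------  File Data  ------
     *  000035  data               7 bytes
     *
     *  ------  Data Descriptor  ------
     *  000042  signature          0x08074b50
     *  000046  crc                0x3610a686
     *  000050  csize              7
     *  000054  size               5
     *
     * A signature-less data descriptor will look like the following:
     *
     *  ------  Data Descriptor  ------
     *  000042  crc                0x3610a686
     *  000046  csize              7
     *  000050  size               5
     *
     * This method produces a ZIP with two entries, where the first entry
     * is made signature-less. Removing the 4 signature bytes shifts everything
     * after them, so the CEN offset in the END header and the LOC offset in the
     * second CEN header are both reduced by 4.
     *
     * @return the bytes of the modified ZIP
     * @throws IOException if writing the ZIP fails
     */
    private static byte[] makeZipWithSignaturelessDescriptor() throws IOException {
        // Offset of the data descriptor signature of the first entry
        int sigOffset;

        ByteArrayOutputStream out = new ByteArrayOutputStream();
        try (ZipOutputStream zo = new ZipOutputStream(out)) {
            // Write a first entry
            zo.putNextEntry(new ZipEntry("first"));
            zo.write("first".getBytes(StandardCharsets.UTF_8));
            // Force the data descriptor to be written out
            zo.closeEntry();
            // The descriptor (signature, crc, csize, size) starts 16 bytes before current offset
            sigOffset = out.size() - 4 * Integer.BYTES;
            // Add a second entry
            zo.putNextEntry(new ZipEntry("second"));
            zo.write("second".getBytes(StandardCharsets.UTF_8));
        }

        // The generated ZIP file, whose data descriptors still carry the signature
        byte[] sigZip = out.toByteArray();

        // Confirm that the 4 bytes about to be dropped really are the descriptor
        // signature. Without this, a change in ZipOutputStream's output layout would
        // make the test strip unrelated bytes instead of failing with a clear message.
        long sig = Integer.toUnsignedLong(
                ByteBuffer.wrap(sigZip).order(ByteOrder.LITTLE_ENDIAN).getInt(sigOffset));
        assertEquals(ZipFile.EXTSIG, sig,
                "Expected data descriptor signature at offset " + sigOffset);

        // The offset of the CRC immediately following the 4-byte signature
        int crcOffset = sigOffset + Integer.BYTES;

        // Create a ZIP file with a signature-less data descriptor for the first entry
        ByteArrayOutputStream sigLess = new ByteArrayOutputStream();
        sigLess.write(sigZip, 0, sigOffset);
        // Skip the signature
        sigLess.write(sigZip, crcOffset, sigZip.length - crcOffset);

        byte[] siglessZip = sigLess.toByteArray();

        // Adjust the CEN offset in the END header
        ByteBuffer buffer = ByteBuffer.wrap(siglessZip).order(ByteOrder.LITTLE_ENDIAN);
        // Reduce cenOffset by 4 bytes; this assumes the END header has no trailing comment
        int cenOff = siglessZip.length - ZipFile.ENDHDR + ZipFile.ENDOFF;
        int realCenOff = buffer.getInt(cenOff) - Integer.BYTES;
        buffer.putInt(cenOff, realCenOff);

        // Adjust the LOC offset in the second CEN header
        int cen = realCenOff;
        // Skip past the first CEN header, including its variable-length name, extra
        // and comment fields. The lengths are unsigned 16-bit values.
        int nlen = Short.toUnsignedInt(buffer.getShort(cen + ZipFile.CENNAM));
        int elen = Short.toUnsignedInt(buffer.getShort(cen + ZipFile.CENEXT));
        int clen = Short.toUnsignedInt(buffer.getShort(cen + ZipFile.CENCOM));
        cen += ZipFile.CENHDR + nlen + elen + clen;

        // Reduce LOC offset by 4 bytes
        int locOff = cen + ZipFile.CENOFF;
        buffer.putInt(locOff, buffer.getInt(locOff) - Integer.BYTES);

        return siglessZip;
    }
}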