Geek Answers Handbook

ZIP archive comment

I am currently developing a minimalist ZIP 2.0 library.

According to the motto “Read the f * ckin manual”! I read the PKWARE appnote , so I know the ZIP archive containing only the “end of the central directory entry” is considered empty. At the end of this report, the “archive comment” of the variable is defined, therefore, when loading the central directory, you have to scan backwards in search of the signature "PK \ 5 \ 6". This leaves me with two questions:

1) What if the user tries to add a comment to the archive containing this sequence?

2) Is an empty comment archive allowed? (WinRAR cannot show it when the archive is empty, but 7-Zip)

UPDATE:

I had an email contact with Mr. Roshal, Lead Developer of WinRAR. He confirmed 2) to be a bug in WinRAR, which is now fixed.

+5
source share
1 answer

The zip file format does not indicate what is valid for the contents of the file comment or zipfile comment. In one place, their documentation describes the comment as “textual information,” but in another place the comment is described as “data bytes,” and appnote itself says nothing about what can be done in the comment.

However, even if the specification allows arbitrary binary data in a comment, this does not mean that you should allow it to use your library, and if you decide to allow it, it does not mean that you need to do this easily.

So, here is a list of possible comment processing methods. Choose one.

  • Refuse the possibility of using binary data in comments.
  • Allow binary data, but refuse to allow a specific signature.
  • Allow arbitrary binary data, but require the user to provide some additional confirmation if they try to enable the signature.
  • Allow arbitrary binary data, don't worry about the signature.

Of course, for any option where a signature is possible, the documentation should warn the user that this will lead to an invalid ZIP file.

0
source

More articles:


All Articles