libjar nsZipArchive.cpp ExtractMode() function assumes unix like file attributes in external_attributes

UNCONFIRMED
Unassigned

Status

()

P5
major
UNCONFIRMED
12 years ago
a year ago

People

(Reporter: kurt, Unassigned)

Tracking

Trunk
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [necko-would-take])

(Reporter)

Description

12 years ago
User-Agent:       Mozilla/5.0 (compatible; Konqueror/3.5; OpenBSD) KHTML/3.5.5 (like Gecko)
Build Identifier: xulrunner 1.8.0.4

There is an assumption that external_attributes contains unix like file attributes. When a zip file is created on a non-unix system, this is not a valid assumption and the item->mode is setup incorrectly. This results in files extracted with the wrong mode (usually 600).

To demonstrate the problem using xulrunner, perform a --install-app on the chatzilla-0.9.77-xr.zip example xul app on a unix system. All the files are created with mode 600.



Reproducible: Always

Steps to Reproduce:
1. download http://chatzilla.rdmsoft.com/xulrunner/download/chatzilla-0.9.77-xr.zip
2. sudo xulrunner --install-app chatzilla-0.9.77-xr.zip




ExtractMode() should inspect version_made_by[1] and confirm unix like file attributes before using them. For non-unix like attributes either set a sane default or deal with the various cases (see unzip/zipinfo for example code).
Whiteboard: [necko-would-take]
You need to log in before you can comment on or make changes to this bug.