Skip to content

Fixed decrypted_io to only perform integrity once#665

Closed
ListlessPanda wants to merge 2 commits into
rubyzip:mainfrom
ListlessPanda:AES-decrypted-integrity-edge-case
Closed

Fixed decrypted_io to only perform integrity once#665
ListlessPanda wants to merge 2 commits into
rubyzip:mainfrom
ListlessPanda:AES-decrypted-integrity-edge-case

Conversation

@ListlessPanda

Copy link
Copy Markdown
Contributor

If read is called on an entry where the Zip::DecryptedIo::CHUNK_SIZE will reach the end (thus input_finished?) but maxlen limits the output we will still do the integrity check on any follow up read which will then cause the integrity check to read 10 bytes further and cause an integrity error.

I added a change so that if the integrity check has already been done (meaning we have reached the end) it won't run again on buffer reads,

@hainesr hainesr self-assigned this Jun 27, 2026
@hainesr hainesr added the bug label Jun 27, 2026
@hainesr hainesr added this to the 3.4.1 milestone Jun 27, 2026
@hainesr

hainesr commented Jun 27, 2026

Copy link
Copy Markdown
Member

Hi @ListlessPanda,

Thanks for this. I'll have a look in more detail over the next couple of days.

Don't worry about the failing linter; it's just a bit of trailing whitespace which I can fix easily enough.

@hainesr

hainesr commented Jun 27, 2026

Copy link
Copy Markdown
Member

Hi @ListlessPanda,

Thanks, I've now merged this minus the changes related to returning empty strings. It may well be that your changes were correct, but they may also have caused backwards-incompatibility at this stage. I will fix all these issues in the next major version.

Will release this code soon, thanks again!

@hainesr hainesr closed this Jun 27, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants