From 80e8b2977b7343df0b7fb1b6da7fa34dbd7e0b40 Mon Sep 17 00:00:00 2001
From: Stefan Bodewig <bodewig@apache.org>
Date: Thu, 17 Jul 2008 13:14:30 +0000
Subject: [PATCH] an archive with an empty central directory is broken.  PR
 35000.  Submitted by Thomas Aglassinger.

git-svn-id: https://svn.apache.org/repos/asf/ant/core/trunk@677575 13f79535-47bb-0310-9956-ffa450edef68
---
 CONTRIBUTORS                               |   1 +
 WHATSNEW                                   |   3 ++
 contributors.xml                           |   4 +++
 src/main/org/apache/tools/zip/ZipFile.java |   4 +++
 src/tests/antunit/taskdefs/broken_cd.zip   | Bin 0 -> 326 bytes
 src/tests/antunit/taskdefs/unzip-test.xml  |  39 +++++++++++++++++++++
 6 files changed, 51 insertions(+)
 create mode 100644 src/tests/antunit/taskdefs/broken_cd.zip
 create mode 100644 src/tests/antunit/taskdefs/unzip-test.xml

diff --git a/CONTRIBUTORS b/CONTRIBUTORS
index 35df55ef9..e45c14031 100644
--- a/CONTRIBUTORS
+++ b/CONTRIBUTORS
@@ -267,6 +267,7 @@ Takashi Okamoto
 Taoufik Romdhane
 Tariq Master
 Trejkaz Xaoza
+Thomas Aglassinger
 Thomas Butz
 Thomas Christen
 Thomas Christensen
diff --git a/WHATSNEW b/WHATSNEW
index 128e1d6aa..0821e41f7 100644
--- a/WHATSNEW
+++ b/WHATSNEW
@@ -58,6 +58,9 @@ Changes that could break older environments:
    passed in a null or empty InputStream to read from.
    Bugzilla Report 32200
 
+ * <unzip> will now fail on archives with an empty central directory.
+   Bugzilla report 35000.
+
 Fixed bugs:
 -----------
 
diff --git a/contributors.xml b/contributors.xml
index 5ae2e5ebc..3c98eca29 100644
--- a/contributors.xml
+++ b/contributors.xml
@@ -1074,6 +1074,10 @@
     <first>Tariq</first>
     <last>Master</last>
   </name>
+  <name>
+    <first>Thomas</first>
+    <last>Aglassinger</last>
+  </name>
   <name>
     <first>Thomas</first>
     <last>Butz</last>
diff --git a/src/main/org/apache/tools/zip/ZipFile.java b/src/main/org/apache/tools/zip/ZipFile.java
index 4e7edcff2..f15f4aa7d 100644
--- a/src/main/org/apache/tools/zip/ZipFile.java
+++ b/src/main/org/apache/tools/zip/ZipFile.java
@@ -276,6 +276,10 @@ public class ZipFile {
         archive.readFully(signatureBytes);
         long sig = ZipLong.getValue(signatureBytes);
         final long cfhSig = ZipLong.getValue(ZipOutputStream.CFH_SIG);
+        if (sig != cfhSig) {
+            throw new IOException("central directory is empty, can't expand"
+                                  + " archive.");
+        }
         while (sig == cfhSig) {
             archive.readFully(cfh);
             int off = 0;
diff --git a/src/tests/antunit/taskdefs/broken_cd.zip b/src/tests/antunit/taskdefs/broken_cd.zip
new file mode 100644
index 0000000000000000000000000000000000000000..721fb450192f3ea919a49b76a0ce663e811b74f7
GIT binary patch
literal 326
zcmWIWW@Zs#-~d7f21Ou709GK=P_Lw-<n2L6J_kV_2gmH?FRm{6v!r{~2i-gOY@eLH
z^0sctwxySk<zG~_(_Hj$nI$7gcY}CLfHylw`x=`&Mj*Zb1495_ON^*x2_usT1Hv!J
h4gmQD6@Yyf;7zQSRG@CKI|IB~*+3>S0bv^4NC157Nsa&j

literal 0
HcmV?d00001

diff --git a/src/tests/antunit/taskdefs/unzip-test.xml b/src/tests/antunit/taskdefs/unzip-test.xml
new file mode 100644
index 000000000..80fcf3fdd
--- /dev/null
+++ b/src/tests/antunit/taskdefs/unzip-test.xml
@@ -0,0 +1,39 @@
+<?xml version="1.0"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+
+<project name="unzip-test" default="antunit"
+         xmlns:au="antlib:org.apache.ant.antunit">
+  <import file="../antunit-base.xml" />
+
+  <property name="dest.dir" location="unzip.dest"/>
+
+  <target name="setUp">
+    <mkdir dir="${dest.dir}" />
+  </target>
+
+  <target name="tearDown">
+    <delete dir="${dest.dir}"/>
+  </target>
+
+  <target name="testFailureOnBrokenCentralDirectoryStructure">
+    <au:expectfailure
+       expectedmessage="central directory is empty, can't expand archive.">
+      <unzip src="broken_cd.zip" dest="${dest.dir}"/>
+    </au:expectfailure>
+  </target>
+</project>