additional false positive filter for malformed zip

agourlay · Sep 28, 2024 · 25f4e23 · 25f4e23
1 parent 9dd5938
commit 25f4e23
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/src/password_worker.rs b/src/password_worker.rs
@@ -133,6 +133,11 @@ pub fn password_checker(
                         Err(ZipError::InvalidPassword) => (), // invalid password
                         Err(e) => panic!("Unexpected error {e:?}"),
                         Ok(mut zip) => {
+                            // files in well-formed zip file should have a name
+                            if zip.enclosed_name().is_none() {
+                                // no file name, skip
+                                continue;
+                            }
                             // Validate password by reading the zip file to make sure it is not merely a hash collision.
                             let zip_size = zip.size() as usize;
                             extraction_buffer.reserve(zip_size);