How to continue work on std.zip
berni44
dlang at d-ecke.de
Wed Oct 23 07:24:27 UTC 2019
On Tuesday, 22 October 2019 at 20:18:44 UTC, Walter Bright wrote:
> On 10/20/2019 7:03 AM, berni44 wrote:
>> Recently I fixed some bugs in std.zip, mainly concerning
>> malware attacks.
>
> Within the last year, I recall a post on reddit or hackernews
> that had a long list of ways to make zip bombs. It'd be a great
> initiative to defeat all of these with std.zip.
That's allready done. std.zip meanwhile checks for overlapping
data and rejects any such file. Actually this (namely an issue
you filed) was the reason, why I started work on std.zip. Some
minor stuff, like path traversal attacks, remains though.
More information about the Digitalmars-d
mailing list