self.assertTrue(tmpdir+'/subdir1/subdir2/file3-1024.txt')
self.rm_testdir()
- url_CVE_2017_5977 = "https://raw.githubusercontent.com/asarubbo/poc/master/"
+ url_CVE_2017_5977 = "https://github.com/asarubbo/poc/blob/master"
zip_CVE_2017_5977 = "00153-zziplib-invalidread-zzip_mem_entry_extra_block"
def test_59770_infozipdir_CVE_2017_5977(self):
""" run info-zip dir test0.zip """
tmpdir = self.testdir()
filename = self.zip_CVE_2017_5977
file_url = self.url_CVE_2017_5977
- download(file_url, filename, tmpdir)
+ download_raw(file_url, filename, tmpdir)
exe = self.bins("unzip")
run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()),
returncodes = [0, 2])
tmpdir = self.testdir()
filename = self.zip_CVE_2017_5977
file_url = self.url_CVE_2017_5977
- download(file_url, filename, tmpdir)
+ download_raw(file_url, filename, tmpdir)
exe = self.bins("unzzip-big")
run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()),
returncodes = [0])
tmpdir = self.testdir()
filename = self.zip_CVE_2017_5977
file_url = self.url_CVE_2017_5977
- download(file_url, filename, tmpdir)
+ download_raw(file_url, filename, tmpdir)
exe = self.bins("unzzip-mem")
run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()),
returncodes = [0])
tmpdir = self.testdir()
filename = self.zip_CVE_2017_5977
file_url = self.url_CVE_2017_5977
- download(file_url, filename, tmpdir)
+ download_raw(file_url, filename, tmpdir)
exe = self.bins("unzzip-mix")
run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()),
returncodes = [0])
tmpdir = self.testdir()
filename = self.zip_CVE_2017_5977
file_url = self.url_CVE_2017_5977
- download(file_url, filename, tmpdir)
+ download_raw(file_url, filename, tmpdir)
exe = self.bins("unzzip")
run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()),
returncodes = [0, 255])
self.assertLess(len(errors(run.errors)), 1)
self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) # TODO
self.rm_testdir()
+ def test_59779(self):
+ """ check $(CVE).zip """
+ tmpdir = self.testdir()
+ filename = self.zip_CVE_2017_5977
+ file_url = self.url_CVE_2017_5977
+ download_raw(file_url, filename, tmpdir)
+ shell("ls -l {tmpdir}/{filename}".format(**locals()))
+ size = os.path.getsize(os.path.join(tmpdir, filename))
+ self.assertEqual(size, 163)
- url_CVE_2017_5978 = "https://raw.githubusercontent.com/asarubbo/poc/master/"
+ url_CVE_2017_5978 = "https://github.com/asarubbo/poc/blob/master"
zip_CVE_2017_5978 = "00156-zziplib-oobread-zzip_mem_entry_new"
def test_59780_infozipdir_CVE_2017_5978(self):
""" run info-zip dir test0.zip """
tmpdir = self.testdir()
filename = self.zip_CVE_2017_5978
file_url = self.url_CVE_2017_5978
- download(file_url, filename, tmpdir)
+ download_raw(file_url, filename, tmpdir)
exe = self.bins("unzip")
run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()),
returncodes = [0, 3])
tmpdir = self.testdir()
filename = self.zip_CVE_2017_5978
file_url = self.url_CVE_2017_5978
- download(file_url, filename, tmpdir)
+ download_raw(file_url, filename, tmpdir)
exe = self.bins("unzzip-big")
run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()),
returncodes = [0])
tmpdir = self.testdir()
filename = self.zip_CVE_2017_5978
file_url = self.url_CVE_2017_5978
- download(file_url, filename, tmpdir)
+ download_raw(file_url, filename, tmpdir)
exe = self.bins("unzzip-mem")
run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()),
returncodes = [0])
tmpdir = self.testdir()
filename = self.zip_CVE_2017_5978
file_url = self.url_CVE_2017_5978
- download(file_url, filename, tmpdir)
+ download_raw(file_url, filename, tmpdir)
exe = self.bins("unzzip-mix")
run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()),
returncodes = [0,2])
tmpdir = self.testdir()
filename = self.zip_CVE_2017_5978
file_url = self.url_CVE_2017_5978
- download(file_url, filename, tmpdir)
+ download_raw(file_url, filename, tmpdir)
exe = self.bins("unzzip")
run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()),
returncodes = [3])
self.assertFalse(os.path.exists(tmpdir+"/test"))
# self.assertEqual(os.path.getsize(tmpdir+"/test"), 0)
self.rm_testdir()
+ def test_59789(self):
+ """ check $(CVE).zip """
+ tmpdir = self.testdir()
+ filename = self.zip_CVE_2017_5978
+ file_url = self.url_CVE_2017_5978
+ download_raw(file_url, filename, tmpdir)
+ shell("ls -l {tmpdir}/{filename}".format(**locals()))
+ size = os.path.getsize(os.path.join(tmpdir, filename))
+ self.assertEqual(size, 161)
- url_CVE_2017_5979 = "https://raw.githubusercontent.com/asarubbo/poc/master/"
+ url_CVE_2017_5979 = "https://github.com/asarubbo/poc/blob/master"
zip_CVE_2017_5979 = "00157-zziplib-nullptr-prescan_entry"
def test_59790_infozipdir_CVE_2017_5979(self):
""" run info-zip dir test0.zip """
tmpdir = self.testdir()
filename = self.zip_CVE_2017_5979
file_url = self.url_CVE_2017_5979
- download(file_url, filename, tmpdir)
+ download_raw(file_url, filename, tmpdir)
exe = self.bins("unzip")
run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()),
returncodes = [0])
tmpdir = self.testdir()
filename = self.zip_CVE_2017_5979
file_url = self.url_CVE_2017_5979
- download(file_url, filename, tmpdir)
+ download_raw(file_url, filename, tmpdir)
exe = self.bins("unzzip-big")
run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()),
returncodes = [0])
tmpdir = self.testdir()
filename = self.zip_CVE_2017_5979
file_url = self.url_CVE_2017_5979
- download(file_url, filename, tmpdir)
+ download_raw(file_url, filename, tmpdir)
exe = self.bins("unzzip-mem")
run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()),
returncodes = [0])
tmpdir = self.testdir()
filename = self.zip_CVE_2017_5979
file_url = self.url_CVE_2017_5979
- download(file_url, filename, tmpdir)
+ download_raw(file_url, filename, tmpdir)
exe = self.bins("unzzip-mix")
run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()),
returncodes = [0])
tmpdir = self.testdir()
filename = self.zip_CVE_2017_5979
file_url = self.url_CVE_2017_5979
- download(file_url, filename, tmpdir)
+ download_raw(file_url, filename, tmpdir)
exe = self.bins("unzzip")
run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()),
returncodes = [0, 255])
self.assertLess(len(errors(run.errors)), 20)
self.assertEqual(os.path.getsize(tmpdir+"/a"), 3)
self.rm_testdir()
+ def test_59799(self):
+ """ check $(CVE).zip """
+ tmpdir = self.testdir()
+ filename = self.zip_CVE_2017_5979
+ file_url = self.url_CVE_2017_5979
+ download_raw(file_url, filename, tmpdir)
+ shell("ls -l {tmpdir}/{filename}".format(**locals()))
+ size = os.path.getsize(os.path.join(tmpdir, filename))
+ self.assertEqual(size, 155)
- url_CVE_2017_5974 = "https://raw.githubusercontent.com/asarubbo/poc/master/"
+ url_CVE_2017_5974 = "https://github.com/asarubbo/poc/blob/master"
zip_CVE_2017_5974 = "00150-zziplib-heapoverflow-__zzip_get32"
def test_59740_infozipdir_CVE_2017_5974(self):
""" run info-zip dir test0.zip """
tmpdir = self.testdir()
filename = self.zip_CVE_2017_5974
file_url = self.url_CVE_2017_5974
- download(file_url, filename, tmpdir)
+ download_raw(file_url, filename, tmpdir)
exe = self.bins("unzip")
run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()),
returncodes = [0, 9])
tmpdir = self.testdir()
filename = self.zip_CVE_2017_5974
file_url = self.url_CVE_2017_5974
- download(file_url, filename, tmpdir)
+ download_raw(file_url, filename, tmpdir)
exe = self.bins("unzzip-big")
run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()),
returncodes = [0])
tmpdir = self.testdir()
filename = self.zip_CVE_2017_5974
file_url = self.url_CVE_2017_5974
- download(file_url, filename, tmpdir)
+ download_raw(file_url, filename, tmpdir)
exe = self.bins("unzzip-mem")
run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()),
returncodes = [0])
tmpdir = self.testdir()
filename = self.zip_CVE_2017_5974
file_url = self.url_CVE_2017_5974
- download(file_url, filename, tmpdir)
+ download_raw(file_url, filename, tmpdir)
exe = self.bins("unzzip-mix")
run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()),
returncodes = [0])
tmpdir = self.testdir()
filename = self.zip_CVE_2017_5974
file_url = self.url_CVE_2017_5974
- download(file_url, filename, tmpdir)
+ download_raw(file_url, filename, tmpdir)
exe = self.bins("unzzip")
run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()),
returncodes = [0, 255])
self.assertLess(len(errors(run.errors)), 1)
self.assertEqual(os.path.getsize(tmpdir+"/test"), 3)
self.rm_testdir()
+ def test_59749(self):
+ """ check $(CVE).zip """
+ tmpdir = self.testdir()
+ filename = self.zip_CVE_2017_5974
+ file_url = self.url_CVE_2017_5974
+ download_raw(file_url, filename, tmpdir)
+ shell("ls -l {tmpdir}/{filename}".format(**locals()))
+ size = os.path.getsize(os.path.join(tmpdir, filename))
+ self.assertEqual(size, 161)
- url_CVE_2017_5975 = "https://raw.githubusercontent.com/asarubbo/poc/master/"
+ url_CVE_2017_5975 = "https://github.com/asarubbo/poc/blob/master"
zip_CVE_2017_5975 = "00151-zziplib-heapoverflow-__zzip_get64"
def test_59750_infozipdir_CVE_2017_5975(self):
""" run info-zip dir test0.zip """
tmpdir = self.testdir()
filename = self.zip_CVE_2017_5975
file_url = self.url_CVE_2017_5975
- download(file_url, filename, tmpdir)
+ download_raw(file_url, filename, tmpdir)
exe = self.bins("unzip")
run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()),
returncodes = [0, 2])
tmpdir = self.testdir()
filename = self.zip_CVE_2017_5975
file_url = self.url_CVE_2017_5975
- download(file_url, filename, tmpdir)
+ download_raw(file_url, filename, tmpdir)
exe = self.bins("unzzip-big")
run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()),
returncodes = [0])
tmpdir = self.testdir()
filename = self.zip_CVE_2017_5975
file_url = self.url_CVE_2017_5975
- download(file_url, filename, tmpdir)
+ download_raw(file_url, filename, tmpdir)
exe = self.bins("unzzip-mem")
run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()),
returncodes = [0])
tmpdir = self.testdir()
filename = self.zip_CVE_2017_5975
file_url = self.url_CVE_2017_5975
- download(file_url, filename, tmpdir)
+ download_raw(file_url, filename, tmpdir)
exe = self.bins("unzzip-mix")
run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()),
returncodes = [0,2])
tmpdir = self.testdir()
filename = self.zip_CVE_2017_5975
file_url = self.url_CVE_2017_5975
- download(file_url, filename, tmpdir)
+ download_raw(file_url, filename, tmpdir)
exe = self.bins("unzzip")
run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()),
returncodes = [0,3])
self.assertTrue(greps(run.errors, "Zipfile corrupted"))
self.assertFalse(os.path.exists(tmpdir+"/test"))
self.rm_testdir()
+ def test_59759(self):
+ """ check $(CVE).zip """
+ tmpdir = self.testdir()
+ filename = self.zip_CVE_2017_5975
+ file_url = self.url_CVE_2017_5975
+ download_raw(file_url, filename, tmpdir)
+ shell("ls -l {tmpdir}/{filename}".format(**locals()))
+ size = os.path.getsize(os.path.join(tmpdir, filename))
+ self.assertEqual(size, 151)
- url_CVE_2017_5976 = "https://raw.githubusercontent.com/asarubbo/poc/master/"
+ url_CVE_2017_5976 = "https://github.com/asarubbo/poc/blob/master"
zip_CVE_2017_5976 = "00152-zziplib-heapoverflow-zzip_mem_entry_extra_block"
def test_59760_infozipdir_CVE_2017_5976(self):
""" run info-zip dir test0.zip """
tmpdir = self.testdir()
filename = self.zip_CVE_2017_5976
file_url = self.url_CVE_2017_5976
- download(file_url, filename, tmpdir)
+ download_raw(file_url, filename, tmpdir)
exe = self.bins("unzip")
run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()),
returncodes = [0, 2])
tmpdir = self.testdir()
filename = self.zip_CVE_2017_5976
file_url = self.url_CVE_2017_5976
- download(file_url, filename, tmpdir)
+ download_raw(file_url, filename, tmpdir)
exe = self.bins("unzzip-big")
run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()),
returncodes = [0])
tmpdir = self.testdir()
filename = self.zip_CVE_2017_5976
file_url = self.url_CVE_2017_5976
- download(file_url, filename, tmpdir)
+ download_raw(file_url, filename, tmpdir)
exe = self.bins("unzzip-mem")
run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()),
returncodes = [0])
tmpdir = self.testdir()
filename = self.zip_CVE_2017_5976
file_url = self.url_CVE_2017_5976
- download(file_url, filename, tmpdir)
+ download_raw(file_url, filename, tmpdir)
exe = self.bins("unzzip-mix")
run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()),
returncodes = [0])
tmpdir = self.testdir()
filename = self.zip_CVE_2017_5976
file_url = self.url_CVE_2017_5976
- download(file_url, filename, tmpdir)
+ download_raw(file_url, filename, tmpdir)
exe = self.bins("unzzip")
run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()),
returncodes = [0, 255])
self.assertLess(len(errors(run.errors)), 30)
self.assertEqual(os.path.getsize(tmpdir+"/test"), 3)
self.rm_testdir()
+ def test_59769(self):
+ """ check $(CVE).zip """
+ tmpdir = self.testdir()
+ filename = self.zip_CVE_2017_5976
+ file_url = self.url_CVE_2017_5976
+ download_raw(file_url, filename, tmpdir)
+ shell("ls -l {tmpdir}/{filename}".format(**locals()))
+ size = os.path.getsize(os.path.join(tmpdir, filename))
+ self.assertEqual(size, 188)
- url_CVE_2017_5980 = "https://raw.githubusercontent.com/asarubbo/poc/master/"
+ url_CVE_2017_5980 = "https://github.com/asarubbo/poc/blob/master"
zip_CVE_2017_5980 = "00154-zziplib-nullptr-zzip_mem_entry_new"
def test_59800_infozipdir_CVE_2017_5980(self):
""" run info-zip dir test0.zip """
tmpdir = self.testdir()
filename = self.zip_CVE_2017_5980
file_url = self.url_CVE_2017_5980
- download(file_url, filename, tmpdir)
+ download_raw(file_url, filename, tmpdir)
exe = self.bins("unzip")
run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()),
returncodes = [0, 2])
tmpdir = self.testdir()
filename = self.zip_CVE_2017_5980
file_url = self.url_CVE_2017_5980
- download(file_url, filename, tmpdir)
+ download_raw(file_url, filename, tmpdir)
exe = self.bins("unzzip-big")
run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()),
returncodes = [0])
tmpdir = self.testdir()
filename = self.zip_CVE_2017_5980
file_url = self.url_CVE_2017_5980
- download(file_url, filename, tmpdir)
+ download_raw(file_url, filename, tmpdir)
exe = self.bins("unzzip-mem")
run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()),
returncodes = [0])
tmpdir = self.testdir()
filename = self.zip_CVE_2017_5980
file_url = self.url_CVE_2017_5980
- download(file_url, filename, tmpdir)
+ download_raw(file_url, filename, tmpdir)
exe = self.bins("unzzip-mix")
run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()),
returncodes = [2])
tmpdir = self.testdir()
filename = self.zip_CVE_2017_5980
file_url = self.url_CVE_2017_5980
- download(file_url, filename, tmpdir)
+ download_raw(file_url, filename, tmpdir)
exe = self.bins("unzzip")
run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()),
returncodes = [3])
self.assertFalse(os.path.exists(tmpdir+"/test"))
# self.assertEqual(os.path.getsize(tmpdir+"/test"), 3)
self.rm_testdir()
+ def test_59809(self):
+ """ check $(CVE).zip """
+ tmpdir = self.testdir()
+ filename = self.zip_CVE_2017_5980
+ file_url = self.url_CVE_2017_5980
+ download_raw(file_url, filename, tmpdir)
+ shell("ls -l {tmpdir}/{filename}".format(**locals()))
+ size = os.path.getsize(os.path.join(tmpdir, filename))
+ self.assertEqual(size, 155)
+
- url_CVE_2017_5981 = "https://raw.githubusercontent.com/asarubbo/poc/master/"
+ url_CVE_2017_5981 = "https://github.com/asarubbo/poc/blob/master"
zip_CVE_2017_5981 = "00161-zziplib-assertionfailure-seeko_C"
def test_59810_infozipdir_CVE_2017_5981(self):
""" run info-zip dir test0.zip """
tmpdir = self.testdir()
filename = self.zip_CVE_2017_5981
file_url = self.url_CVE_2017_5981
- download(file_url, filename, tmpdir)
+ download_raw(file_url, filename, tmpdir)
exe = self.bins("unzip")
run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()),
returncodes = [0, 3])
tmpdir = self.testdir()
filename = self.zip_CVE_2017_5981
file_url = self.url_CVE_2017_5981
- download(file_url, filename, tmpdir)
+ download_raw(file_url, filename, tmpdir)
exe = self.bins("unzzip-big")
run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()),
returncodes = [0])
tmpdir = self.testdir()
filename = self.zip_CVE_2017_5981
file_url = self.url_CVE_2017_5981
- download(file_url, filename, tmpdir)
+ download_raw(file_url, filename, tmpdir)
exe = self.bins("unzzip-mem")
run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()),
returncodes = [0])
tmpdir = self.testdir()
filename = self.zip_CVE_2017_5981
file_url = self.url_CVE_2017_5981
- download(file_url, filename, tmpdir)
+ download_raw(file_url, filename, tmpdir)
exe = self.bins("unzzip-mix")
run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()),
returncodes = [0,2])
tmpdir = self.testdir()
filename = self.zip_CVE_2017_5981
file_url = self.url_CVE_2017_5981
- download(file_url, filename, tmpdir)
+ download_raw(file_url, filename, tmpdir)
exe = self.bins("unzzip")
run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()),
returncodes = [0,3])
# self.assertEqual(os.path.getsize(tmpdir+"/test"), 3)
self.assertFalse(os.path.exists(tmpdir+"/test"))
self.rm_testdir()
-
+ def test_59819(self):
+ """ check $(CVE).zip """
+ tmpdir = self.testdir()
+ filename = self.zip_CVE_2017_5981
+ file_url = self.url_CVE_2017_5981
+ download_raw(file_url, filename, tmpdir)
+ shell("ls -l {tmpdir}/{filename}".format(**locals()))
+ size = os.path.getsize(os.path.join(tmpdir, filename))
+ self.assertEqual(size, 157)
url_CVE_2018_10 = "https://github.com/ProbeFuzzer/poc/blob/master/zziplib"
zip_CVE_2018_10 = "zziplib_0-13-67_zzdir_invalid-memory-access_main.zip"
projects / zziplib / commitdiff