From: Guido Draheim <guidod@gmx.de>
Date: Sun, 4 Feb 2018 21:53:44 +0000 (+0100)
Subject: CVE 6484 not fatal #14
X-Git-Tag: v0.13.68~44
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=fc841d43c1b5bfa9141345935b041c0ceae5d8c0;p=zziplib

CVE 6484 not fatal #14
---

diff --git a/test/zziptests.py b/test/zziptests.py
index cabf958..e462384 100644
--- a/test/zziptests.py
+++ b/test/zziptests.py
@@ -2857,9 +2857,7 @@ class ZZipTest(unittest.TestCase):
     run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()),
         returncodes = [0])
     self.assertLess(len(run.output), 1)
-    self.assertLess(len(errors(run.errors)), 1)
     self.rm_testdir()
-  @unittest.expectedFailure
   def test_64843(self):
     """ unzzip-mix -l $(CVE).zip  """
     tmpdir = self.testdir()
@@ -2868,9 +2866,9 @@ class ZZipTest(unittest.TestCase):
     download(file_url, filename, tmpdir)
     exe = self.bins("unzzip-mix")
     run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()),
-        returncodes = [0])
+        returncodes = [0, 2])
     self.assertLess(len(run.output), 1)
-    self.assertLess(len(errors(run.errors)), 1)
+    self.assertTrue(greps(run.errors, "central directory not found"))
     self.rm_testdir()
   def test_64844(self):
     """ unzzip-zap -l $(CVE).zip  """
@@ -2880,7 +2878,7 @@ class ZZipTest(unittest.TestCase):
     download(file_url, filename, tmpdir)
     exe = self.bins("unzzip")
     run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()),
-        returncodes = [0, 255])
+        returncodes = [0, 3])
     self.assertLess(len(run.output), 1)
     self.assertLess(len(errors(run.errors)), 200)
     self.assertIn(": Success", run.errors)
@@ -2928,7 +2926,6 @@ class ZZipTest(unittest.TestCase):
     # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3)
     self.assertFalse(os.path.exists(tmpdir+"/test"))
     self.rm_testdir()
-  @unittest.expectedFailure
   def test_64848(self):
     """ unzzip-mix $(CVE).zip  """
     tmpdir = self.testdir()
@@ -2937,13 +2934,12 @@ class ZZipTest(unittest.TestCase):
     download(file_url, filename, tmpdir)
     exe = self.bins("unzzip-mix")
     run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()),
-        returncodes = [0])
+        returncodes = [0,2])
     self.assertLess(len(run.output), 30)
     self.assertLess(len(errors(run.errors)), 10)
     # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3)
     self.assertFalse(os.path.exists(tmpdir+"/test"))
     self.rm_testdir()
-  @unittest.expectedFailure
   def test_64849(self):
     """ unzzip $(CVE).zip  """
     tmpdir = self.testdir()
@@ -2952,7 +2948,7 @@ class ZZipTest(unittest.TestCase):
     download(file_url, filename, tmpdir)
     exe = self.bins("unzzip")
     run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()),
-        returncodes = [0])
+        returncodes = [0,3])
     self.assertLess(len(run.output), 30)
     self.assertLess(len(errors(run.errors)), 10)
     # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3)
@@ -2998,7 +2994,6 @@ class ZZipTest(unittest.TestCase):
     self.assertLess(len(run.output), 1)
     self.assertLess(len(errors(run.errors)), 1)
     self.rm_testdir()
-  @unittest.expectedFailure
   def test_65403(self):
     """ unzzip-mix -l $(CVE).zip  """
     tmpdir = self.testdir()
@@ -3007,9 +3002,9 @@ class ZZipTest(unittest.TestCase):
     download(file_url, filename, tmpdir)
     exe = self.bins("unzzip-mix")
     run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()),
-        returncodes = [0])
+        returncodes = [0,2])
     self.assertLess(len(run.output), 1)
-    self.assertLess(len(errors(run.errors)), 1)
+    self.assertTrue(grep(run.errors, "central directory not found"))
     self.rm_testdir()
   def test_65404(self):
     """ unzzip-zap -l $(CVE).zip  """
@@ -3019,7 +3014,7 @@ class ZZipTest(unittest.TestCase):
     download(file_url, filename, tmpdir)
     exe = self.bins("unzzip")
     run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()),
-        returncodes = [0, 255])
+        returncodes = [0, 3])
     self.assertLess(len(run.output), 1)
     self.assertLess(len(errors(run.errors)), 200)
     self.assertIn(": Success", run.errors)
@@ -3067,7 +3062,6 @@ class ZZipTest(unittest.TestCase):
     # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3)
     self.assertFalse(os.path.exists(tmpdir+"/test"))
     self.rm_testdir()
-  @unittest.expectedFailure
   def test_65408(self):
     """ unzzip-mix $(CVE).zip  """
     tmpdir = self.testdir()
@@ -3076,13 +3070,12 @@ class ZZipTest(unittest.TestCase):
     download(file_url, filename, tmpdir)
     exe = self.bins("unzzip-mix")
     run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()),
-        returncodes = [0])
+        returncodes = [0,2])
     self.assertLess(len(run.output), 30)
     self.assertLess(len(errors(run.errors)), 10)
     # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3)
     self.assertFalse(os.path.exists(tmpdir+"/test"))
     self.rm_testdir()
-  @unittest.expectedFailure
   def test_65409(self):
     """ unzzip $(CVE).zip  """
     tmpdir = self.testdir()
@@ -3091,7 +3084,7 @@ class ZZipTest(unittest.TestCase):
     download(file_url, filename, tmpdir)
     exe = self.bins("unzzip")
     run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()),
-        returncodes = [0])
+        returncodes = [0,3])
     self.assertLess(len(run.output), 30)
     self.assertLess(len(errors(run.errors)), 10)
     # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3)