Your message dated Wed, 18 May 2022 00:45:53 +0900
with message-id 
<CA+0c0dVme9fpgcy_6Yudnsj+=VyRa6VAFGf39Fn6tEck9zBu=q...@mail.gmail.com>
and subject line Re: unrar corrupts filenames given as arguments
has caused the Debian Bug report #948108,
regarding unrar corrupts filenames given as arguments
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
948108: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948108
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: unrar
Version: 1:5.6.6-2
Severity: normal

Dear Maintainer,

when passing certain (archive) filenames to unrar, unrar will corrupt them
and not be able to open them. The peculiar way this corruption occurs
hints at possible security issues.

Example:

   strace -feexecve,stat perl -e 'system "unrar", "x", "x\x92.rar"'

Outputs, among other things:

   [pid  9326] execve("/bin/unrar", ["unrar", "x", "x\222.rar"], 0x5555557679f0 
/* 112 vars */) = 0
   [pid  9326] stat("x\222.ra", 0x7ffffffef1d0) = -1 ENOENT (No such file or 
directory)
   Cannot open x�.ra

(the later filename is written like this):

   [pid  9390] write(2, "x", 1x)            = 1
   [pid  9390] write(2, "\357\277\276", 3�) = 3
   [pid  9390] write(2, "\356\202\222", 3) = 3
   [pid  9390] write(2, ".", 1.)            = 1
   [pid  9390] write(2, "r", 1r)            = 1
   [pid  9390] write(2, "a", 1a)            = 1
   [pid  9390] write(2, "\nN", 2

So somehow the \x92 character gets replaced, but also the trailing "r" (from 
rar) is removed.

This happened in a utf-8 based locale (en_DK.UTF-8), which is probably
related.

Obviously, unrar should not mangle filenames, as filenames are
octet-strings, not locale-encoded.

-- System Information:
Debian Release: 10.2
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'unstable-debug'), (500, 'testing-debug'), 
(500, 'stable-updates'), (500, 'stable-debug'), (500, 'oldstable-updates'), 
(500, 'oldstable-debug'), (500, 'unstable'), (500, 'testing'), (500, 
'oldstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, x32

Kernel: Linux 5.4.7-050407-generic (SMP w/8 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages unrar depends on:
ii  libc6       2.28-10
ii  libgcc1     1:9.2.1-15
ii  libstdc++6  8.3.0-6

unrar recommends no packages.

unrar suggests no packages.

-- no debconf information

--- End Message ---
--- Begin Message ---
Tags: wontfix

This file name bug comes from conversion between wide char strings and
multi byte strings.
These encoding conversion has so many wired pitfalls, and there is no
trivial fix.

--
YOKOTA

--- End Message ---

Reply via email to