Bug#1054628: unzip: zipgrep doesn't handle regexp with some special characters correctly

Vincent Lefevre Thu, 26 Oct 2023 18:27:16 -0700

Package: unzip
Version: 6.0-28
Severity: normal
Tags: upstream patch

zipgrep doesn't handle regexp with some special characters correctly,
as shown below.


$ echo a.b > file1
$ echo a-b > file2
$ zip files.zip file1 file2
  adding: file1 (stored 0%)
  adding: file2 (stored 0%)

With egrep:

$ egrep a\\.b file1 file2
file1:a.b
$ egrep a\|b file1 file2
file1:a.b
file2:a-b
$

But with zipgrep:

$ zipgrep a\\.b files.zip
$ zipgrep a\|b files.zip
$

This is due to the following code:

# Escape shell-special characters in "pat".
pat=` echo "$pat" | \
 sed -e 's/\\\\/\\\\\\\\/g' -e 's/|/\\\|/g' -e 's/&/\\\&/g' `

which breaks the regexp. Escaping is useless because once a string
is in a shell variable pat, it is no longer reinterpreted when just
using "$pat". And as a consequence, escaping is incorrect because
the escape characters are not removed when using "$pat". Moreover,
the use of echo was not portable.

I've attached a patch, which removes this useless/incorrect code.

-- System Information:
Debian Release: trixie/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 
'stable-security'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 
'experimental')
merged-usr: no
Architecture: amd64 (x86_64)

Kernel: Linux 6.5.0-3-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=POSIX, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages unzip depends on:
ii  libbz2-1.0  1.0.8-5+b1
ii  libc6       2.37-12

unzip recommends no packages.

Versions of packages unzip suggests:
ii  zip  3.0-13

-- no debconf information

-- 
Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Index: b/unix/zipgrep
===================================================================
--- a/unix/zipgrep
+++ b/unix/zipgrep
@@ -49,10 +49,6 @@ status_grep_global=1
 IFS='
 '
 
-# Escape shell-special characters in "pat".
-pat=` echo "$pat" | \
- sed -e 's/\\\\/\\\\\\\\/g' -e 's/|/\\\|/g' -e 's/&/\\\&/g' `
-
 # Use "unzip -Z1" to get a listing of the specified members from the
 # specified archive.  Escape any backslashes in a file name.
 for i in `unzip -Z1 "$zipfile" ${1+"$@"} | sed -e 's/\\\\/\\\\\\\\/g' `; do

Bug#1054628: unzip: zipgrep doesn't handle regexp with some special characters correctly

Reply via email to