You are not logged in.
- Topics: Active | Unanswered
Pages: 1
#1 2022-06-29 01:35:37
- srgrusso
- Member
- Registered: 2017-11-16
- Posts: 10
unzip disable zipbomb detection
Im building an Android custom rom and I'm getting the following error with unzip 6.0-18
ExternalError: Failed to run command '['unzip', '-o', '-q', '/mnt/Android-Source/Bliss-arcadia-next-testing/out/target/product/lemonadep/obj/PACKAGING/target_files_intermediates/bliss_lemonadep-target_files-eng.srgrusso.zip', '-d', '/mnt/Android-Source/Bliss-arcadia-next-testing/out/soong/.temp/targetfiles-QY1RYM', 'SYSTEM/etc/vintf/*', 'VENDOR/etc/vintf/*', 'ODM/etc/vintf/*', 'SYSTEM_EXT/etc/vintf/*', 'ODM/etc/*', 'META/*', '*/build.prop']' (exit code 12):
error: invalid zip file with overlapped components (possible zip bomb)
To unzip the file anyway, rerun the command with UNZIP_DISABLE_ZIPBOMB_DETECTION=TRUE environmnent variableIf I export UNZIP_DISABLE_ZIPBOMB_DETECTION=true in my terminal session I can manualy unzip it. But my build enviroment ignores the variable. So I tried adding export UNZIP_DISABLE_ZIPBOMB_DETECTION=true to /etc/environment But my build enviroment ignores this too.
The only solution I have been able to find so far is to downgrade to unzip 6.0-13.
Any thoughts or recommendations?
Thanks
Offline
#2 2022-06-29 01:53:06
- Trilby
- Inspector Parrot
- Registered: 2011-11-29
- Posts: 29,532
- Website
Re: unzip disable zipbomb detection
Can you edit whatever calls zip to prepend that variable? If not, then perhaps just create a wrapper script called unzip higher in your PATH:
#!/bin/sh
UNZIP_DISABLE_ZIPBOMB_DETECTION=true /bin/unzip "$@""UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" - Richard Stallman
Offline
#3 2022-06-29 01:57:16
- srgrusso
- Member
- Registered: 2017-11-16
- Posts: 10
Re: unzip disable zipbomb detection
Can you edit whatever calls zip to prepend that variable? If not, then perhaps just create a wrapper script called unzip higher in your PATH:
#!/bin/sh UNZIP_DISABLE_ZIPBOMB_DETECTION=true /bin/unzip "$@"
I never thought of your script idea. Would I use it they way you have it written?
Offline
#4 2022-06-29 06:09:57
- seth
- Member
- Registered: 2012-09-03
- Posts: 51,261
Re: unzip disable zipbomb detection
I export UNZIP_DISABLE_ZIPBOMB_DETECTION=true in my terminal session … my build enviroment ignores the variable … adding export UNZIP_DISABLE_ZIPBOMB_DETECTION=true to /etc/environment … build enviroment ignores this
1. what /is/ your build environment™ ?
2. was is started out of the terminal where you exported the variable?
3. did you re-login after editing /etc/environment ?
The build environment™ calls unzip w/o an absolute path, so if you add the script as "unzip" anywhere higher up in whatever the build environment™ considers $PATH and make it executable, it'll invoke that instead, yes.
Offline
Pages: 1