Bemærk
Adgang til denne side kræver godkendelse. Du kan prøve at logge på eller ændre mapper.
Adgang til denne side kræver godkendelse. Du kan prøve at ændre mapper.
Starting in .NET 11, the System.IO.Compression library validates CRC32 checksums when reading ZIP archive entries. If the computed CRC32 checksum doesn't match the expected value stored in the ZIP file's metadata, an InvalidDataException is thrown.
Version introduced
.NET 11 Preview 3
Previous behavior
Previously, System.IO.Compression didn't validate CRC32 checksums when reading ZIP archive entries. Corrupted or tampered ZIP entries could be read without errors, potentially causing silent data corruption.
using System.IO.Compression;
using var archive = ZipFile.OpenRead("corrupted.zip");
var entry = archive.GetEntry("file.txt")
?? throw new FileNotFoundException("Entry 'file.txt' not found in archive.");
using var stream = entry.Open();
// Data read without any validation of its integrity.
byte[] buffer = new byte[entry.Length];
stream.ReadExactly(buffer);
New behavior
Starting in .NET 11, the library verifies the integrity of ZIP entries during read operations. If the computed CRC32 checksum doesn't match the expected value from the ZIP file's metadata, an InvalidDataException is thrown.
Type of breaking change
This change is a behavioral change.
Reason for change
This change improves the reliability and security of System.IO.Compression. By validating CRC32 checksums, the library detects and prevents use of corrupted or tampered ZIP entries, ensuring applications don't inadvertently process invalid data. For more information, see dotnet/runtime#124766.
Recommended action
If your application processes ZIP files that might be corrupted or tampered with, handle InvalidDataException appropriately:
try
{
using var archive = ZipFile.OpenRead("corrupted.zip");
var entry = archive.GetEntry("file.txt")
?? throw new FileNotFoundException("Entry 'file.txt' not found in archive.");
using var stream = entry.Open();
byte[] buffer = new byte[entry.Length];
stream.ReadExactly(buffer);
}
catch (InvalidDataException ex)
{
Console.WriteLine($"Error reading ZIP entry: {ex.Message}");
}
Affected APIs
Samarbejd med os på GitHub
Kilden til dette indhold kan findes på GitHub, hvor du også kan oprette og gennemse problemer og pullanmodninger. Du kan få flere oplysninger i vores vejledning til bidragydere.
