Cannot call ZipArchiveEntry.OpenEntryStream() multiple times with WinZipAes encrypted ZIP file #174

New Issue

Closed

opened 2026-01-29 22:07:46 +00:00 by claunia · 5 comments

claunia commented 2026-01-29 22:07:46 +00:00

Owner

Copy Link

Originally created by @dbaumber on GitHub (May 18, 2017).

When debugging an issue with not being able to open a stream to an entry in WinZipAes protected ZIP file, I found that if ZipArchiveEntry.OpenEntryStream() is called a second time, SharpCompress throws a CryptographicException with a message "The password did not match", which is thrown from PkwareTraditionalEncryptionData.ForRead(). More analysis shows that Header.CompressionMethod is changed from WinZipAes (correct value) to Deflate (wrong value) after GetCompressedStream() is called in ZipArchiveEntry.OpenEntryStream(). When OpenEntryStream() is called again, it thinks it is encrypted with PKWARE traditional encryption rather than WinZipAes, which fails.

I made a change to ZipArchiveEntry.OpenEntryStream() to save and restore the compression method which resolves this issue. I can provide this as a patch. This behavior has changed since 0.11, the previous version we used. OpenEntryStream() should be able to be called more than once since it returns a non-seekable stream, this allows for resetting the stream for a file entry back to the beginning of the entry.

Originally created by @dbaumber on GitHub (May 18, 2017). When debugging an issue with not being able to open a stream to an entry in WinZipAes protected ZIP file, I found that if ZipArchiveEntry.OpenEntryStream() is called a second time, SharpCompress throws a CryptographicException with a message "The password did not match", which is thrown from PkwareTraditionalEncryptionData.ForRead(). More analysis shows that Header.CompressionMethod is changed from WinZipAes (correct value) to Deflate (wrong value) after GetCompressedStream() is called in ZipArchiveEntry.OpenEntryStream(). When OpenEntryStream() is called again, it thinks it is encrypted with PKWARE traditional encryption rather than WinZipAes, which fails. I made a change to ZipArchiveEntry.OpenEntryStream() to save and restore the compression method which resolves this issue. I can provide this as a patch. This behavior has changed since 0.11, the previous version we used. OpenEntryStream() should be able to be called more than once since it returns a non-seekable stream, this allows for resetting the stream for a file entry back to the beginning of the entry.

claunia added the bug label 2026-01-29 22:07:47 +00:00

claunia closed this issue 2026-01-29 22:07:47 +00:00

claunia commented 2026-01-29 22:07:47 +00:00

Author

Owner

Copy Link

@adamhathcock commented on GitHub (May 19, 2017):

Please provide a pull request and maybe extent a test to test for it. Probably just an oversight.

@adamhathcock commented on GitHub (May 19, 2017): Please provide a pull request and maybe extent a test to test for it. Probably just an oversight.

claunia commented 2026-01-29 22:07:47 +00:00

Author

Owner

Copy Link

@dbaumber commented on GitHub (May 23, 2017):

I've submitted pull a request. I'll work on a test for it next. Would it be possible to get this fix into the 0.16 release? This is an important issue for us. Thanks!

@dbaumber commented on GitHub (May 23, 2017): I've submitted pull a request. I'll work on a test for it next. Would it be possible to get this fix into the 0.16 release? This is an important issue for us. Thanks!

claunia commented 2026-01-29 22:07:48 +00:00

Author

Owner

Copy Link

@adamhathcock commented on GitHub (May 23, 2017):

I can easily put out a patch version if things are simple enough.

@adamhathcock commented on GitHub (May 23, 2017): I can easily put out a patch version if things are simple enough.

claunia commented 2026-01-29 22:07:48 +00:00

Author

Owner

Copy Link

@dbaumber commented on GitHub (May 23, 2017):

It is a 4 line change in ZipArchiveEntry.OpenEntryStream(). It has no effect on anything else. I don't quite understand why the compression method changes but preserving it over the GetCompressedStream() call fixes our issue. We don't need a special patch version if the 0.16 release is coming in the next week or so.

@dbaumber commented on GitHub (May 23, 2017): It is a 4 line change in ZipArchiveEntry.OpenEntryStream(). It has no effect on anything else. I don't quite understand why the compression method changes but preserving it over the GetCompressedStream() call fixes our issue. We don't need a special patch version if the 0.16 release is coming in the next week or so.

claunia commented 2026-01-29 22:07:48 +00:00

Author

Owner

Copy Link

@adamhathcock commented on GitHub (May 24, 2017):

Put in 0.16.1

@adamhathcock commented on GitHub (May 24, 2017): Put in 0.16.1

claunia referenced this issue 2026-01-29 22:17:57 +00:00

[PR #174] [MERGED] Redo options #874

claunia referenced this issue 2026-01-29 22:17:58 +00:00

[PR #174] Redo options #878

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

release

adam/merge-release-to-master

dependabot/nuget/xunit.v3-3.2.2

adam/more-explode-async

copilot/fix-infinite-loop-rar-archive

adam/data-descriptor-fix

adam/fix-tests-with-proper-rewind

copilot/fix-data-descriptor-stream-bug

adam/lmza-investigation

adam/create-rar-async

adam/async-rar2

copilot/support-multi-threading-path

copilot/sub-pr-1132-again

adam/memory-perf

copilot/add-performance-benchmarking

copilot/sub-pr-1121

copilot/add-password-support-zip-files

copilot/add-so-optimized-zip-support

adam/rar-async-only

copilot/add-buffered-stream-async-read

copilot/sub-pr-1076

copilot/fix-decompression-exception

copilot/fix-archivefactory-issue

copilot/rationalize-sourcestream-volumes

adam/open-async

copilot/add-ace-archive-support

copilot/sub-pr-1040-again

adam/more-async-3

copilot/fix-tararchive-incomplete-iteration

adam/multi-threaded

copilot/sub-pr-1040

adam/awesome-copilot

copilot/fix-ziparchive-extraction-issue

copilot/fix-tararchive-open-crash

copilot/fix-tar-xz-file-reading-issue

copilot/setup-copilot-instructions

copilot/fix-decompression-performance-issue

copilot/convert-stream-access-to-async

adam/enable-agent

adam/async-deflate

adam/async-rar

adam/more-cleanup

adam/zstd

async-2

zstandard

net461-tests

dmg

async

build-netcore3

recycle-memory-stream

presentation

pax

netcore2

zip_encryption

dotnet-tool

tar_redux

native_zlib

Issue-197

system_buffers

TarNames

7zip_sfx

portable_crypto

WinRT

new_7zip

0.44.5

0.44.4

0.44.3

0.44.2

0.44.1

0.44.0

0.43.0

0.42.1

0.42.0

0.41.0

0.40.0

0.39.0

0.38.0

0.37.2

0.37.1

0.37.0

0.36.0

0.35.0

0.34.2

0.34.1

0.34.0

0.33.0

0.32.2

0.32.1

0.32

0.31

0.30.1

0.30

0.29

0.29.0

0.28.3

0.28.2

0.28.1

0.28

0.27.1

0.27

0.26

0.25.1

0.25

0.24

0.23

0.22

0.21.1

0.21

0.21.0

0.20.0

0.19.2

0.19.1

0.19

0.18.2

0.18.1

0.18

0.17.1

0.17.0

0.16.2

0.16.1

0.16.0

0.15.2

0.15.1

0.15.0

0.14.1

0.14.0

0.13.1

0.13.0

0.12.4

0.12.3

0.12.2

0.12.1

0.12.0

0.11.6

0.11.5

0.11.4

0.11.3

0.11.2

0.11.1

0.11

0.10.3

0.10.2

0.10.1.3

0.10.1.2

0.10.1.1

0.10.1

0.10

0.9

Labels

Clear labels

bug

duplicate

enhancement

feedback requested

not bug

pull-request

Mirrored from GitHub Pull Request

question

up for grabs

wontfix

No Label bug

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

claunia

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/sharpcompress#174