starred/sharpcompress
1
0
Fork 0
mirror of https://github.com/adamhathcock/sharpcompress.git synced 2026-02-03 21:23:38 +00:00
Code Issues 975 Packages Projects Releases 20 Wiki Activity

Extract rar with invalid password does not raise exception #20

New Issue
Open
opened 2026-01-29 22:03:36 +00:00 by claunia · 5 comments
claunia commented 2026-01-29 22:03:36 +00:00
Owner
Copy Link

Originally created by @JJWR on GitHub (Dec 15, 2014).

Hello, when I extract a rar file with password everything works as expected if the password is ok. However, when the password is wrong the extraction runs without raising any exception and the files are extracted. Of course the files are corrupted. This is the code I am using:

string password = "wrongpass";
string inpath = @"D:\Test\File_with_pass.rar";
RarArchive rar = RarArchive.Open(inpath, SharpCompress.Common.Options.LookForHeader, password);
rar.WriteToDirectory(@"D:\Test\out");
rar.Dispose();

Since we can not ensure that the extraction went well, this issue is making the library useless for rar protected files.

Originally created by @JJWR on GitHub (Dec 15, 2014). Hello, when I extract a rar file with password everything works as expected if the password is ok. However, when the password is wrong the extraction runs without raising any exception and the files are extracted. Of course the files are corrupted. This is the code I am using: ``` string password = "wrongpass"; string inpath = @"D:\Test\File_with_pass.rar"; RarArchive rar = RarArchive.Open(inpath, SharpCompress.Common.Options.LookForHeader, password); rar.WriteToDirectory(@"D:\Test\out"); rar.Dispose(); ``` Since we can not ensure that the extraction went well, this issue is making the library useless for rar protected files.
claunia commented 2026-01-29 22:03:36 +00:00
Author
Owner
Copy Link

@Strachu commented on GitHub (Dec 16, 2014):

I am not sure whether there is a better way to do it nor if it can be done without making some modification to the library, but maybe extracting some small file to memory, calculating CRC for extracted content and comparing it with CRC from header will be enough?
If CRCs are equal == password is correct.
If CRCs are different == incorrect password or damaged archive.

@Strachu commented on GitHub (Dec 16, 2014): I am not sure whether there is a better way to do it nor if it can be done without making some modification to the library, but maybe extracting some small file to memory, calculating CRC for extracted content and comparing it with CRC from header will be enough? If CRCs are equal == password is correct. If CRCs are different == incorrect password or damaged archive.
claunia commented 2026-01-29 22:03:37 +00:00
Author
Owner
Copy Link

@adamhathcock commented on GitHub (Dec 16, 2014):

CRC is the only way to check. It's unfortunate but I don't think there's anyway to throw an exception or something unless there's an encrypted header to check.

@adamhathcock commented on GitHub (Dec 16, 2014): CRC is the only way to check. It's unfortunate but I don't think there's anyway to throw an exception or something unless there's an encrypted header to check.
claunia commented 2026-01-29 22:03:37 +00:00
Author
Owner
Copy Link

@JJWR commented on GitHub (Dec 26, 2014):

CRC should anyway always be checked even if the file is not password protected to ensure that the file is all right. Is is not checked now?

@JJWR commented on GitHub (Dec 26, 2014): CRC should anyway always be checked even if the file is not password protected to ensure that the file is all right. Is is not checked now?
claunia commented 2026-01-29 22:03:38 +00:00
Author
Owner
Copy Link

@adamhathcock commented on GitHub (Dec 26, 2014):

I really haven't done much with CRC checking. I don't believe any of it is done currently.

@adamhathcock commented on GitHub (Dec 26, 2014): I really haven't done much with CRC checking. I don't believe any of it is done currently.
claunia commented 2026-01-29 22:03:38 +00:00
Author
Owner
Copy Link

@ArunaVignesh commented on GitHub (May 10, 2021):

@adamhathcock

When extracting rar file protected with password, files extracted done successfully when password is correct. how do i check the password correct or not? Tried above @Strachu CRC checking method. its not worked correctly in my file. @Strachu can you please explain it elaborately. If anyone knows some other method, please help

@ArunaVignesh commented on GitHub (May 10, 2021): @adamhathcock When extracting rar file protected with password, files extracted done successfully when password is correct. how do i check the password correct or not? Tried above @Strachu CRC checking method. its not worked correctly in my file. @Strachu can you please explain it elaborately. If anyone knows some other method, please help
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
duplicate
enhancement
feedback requested
not bug
pull-request
Mirrored from GitHub Pull Request
 question
up for grabs
wontfix
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
claunia
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/sharpcompress#20
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?