RarRijndael throws NullReferenceException when there is no password #461

New Issue

Open

opened 2026-01-29 22:12:25 +00:00 by claunia · 3 comments

claunia commented 2026-01-29 22:12:25 +00:00

Owner

Copy Link

Originally created by @IS4Code on GitHub (May 15, 2021).

Rar parsing (via RarReader, haven't tested other archive types) has a bug when the password is not set (null) and the archive is encrypted. When the header is encrypted too, it correctly throws CryptographicException, but when only the files are encrypted, MoveToNextEntry throws NullReferenceException, as it attempts to initialize the engine with a null password.

I could use a blank password, but this breaks encrypted headers, as it cannot determine the format. I would prefer a CryptographicException thrown when an encrypted file is opened without a password (but its entry should be accessible).

Ideally, there should be some sort of wrong password detection as well, but fixing the first bug is completely sufficient.

Originally created by @IS4Code on GitHub (May 15, 2021). Rar parsing (via RarReader, haven't tested other archive types) has a bug when the password is not set (null) and the archive is encrypted. When the header is encrypted too, it correctly throws `CryptographicException`, but when only the files are encrypted, `MoveToNextEntry` throws `NullReferenceException`, as it attempts to initialize the engine with a null password. I could use a blank password, but this breaks encrypted headers, as it cannot determine the format. I would prefer a `CryptographicException` thrown when an encrypted file is opened without a password (but its entry should be accessible). Ideally, there should be some sort of wrong password detection as well, but fixing the first bug is completely sufficient.

claunia commented 2026-01-29 22:12:26 +00:00

Author

Owner

Copy Link

@adamhathcock commented on GitHub (Jun 4, 2021):

I'll accept a PR for this.

I think there isn't a good way (or used not to be) to detect encrypted files so an explicit exception wasn't done at the time.

@adamhathcock commented on GitHub (Jun 4, 2021): I'll accept a PR for this. I think there isn't a good way (or used not to be) to detect encrypted files so an explicit exception wasn't done at the time.

claunia commented 2026-01-29 22:12:26 +00:00

Author

Owner

Copy Link

@Nanook commented on GitHub (May 4, 2022):

I noticed this issue and found that checking IsEncrypted on the Entry was the best method. If you're not using passwords then you should not attempt to process an Entry with IsEncrypted is True.

If the archive is encrypted with encrypted filenames then catching SharpCompresses CryptographicException when no password is set indicates it's passworded. #663 aligns 7zip to this behaviour also.

I've only tested this behaviour with Archive Open(), but is should be the same for RarReader too.

@Nanook commented on GitHub (May 4, 2022): I noticed this issue and found that checking IsEncrypted on the Entry was the best method. If you're not using passwords then you should not attempt to process an Entry with IsEncrypted is True. If the archive is encrypted with encrypted filenames then catching SharpCompresses CryptographicException when no password is set indicates it's passworded. #663 aligns 7zip to this behaviour also. I've only tested this behaviour with Archive Open(), but is should be the same for RarReader too.

claunia commented 2026-01-29 22:12:27 +00:00

Author

Owner

Copy Link

@IS4Code commented on GitHub (May 4, 2022):

I noticed this issue and found that checking IsEncrypted on the Entry was the best method. If you're not using passwords then you should not attempt to process an Entry with IsEncrypted is True.

If the archive is encrypted with encrypted filenames then catching SharpCompresses CryptographicException when no password is set indicates it's passworded. #663 aligns 7zip to this behaviour also.

I've only tested this behaviour with Archive Open(), but is should be the same for RarReader too.

Yes, it makes sense not to open an encrypted entry, but as I said, MoveToNextEntry itself throws the exception. Iterating the entries and retrieving their metadata should be still valid even without a password.

@IS4Code commented on GitHub (May 4, 2022): > I noticed this issue and found that checking IsEncrypted on the Entry was the best method. If you're not using passwords then you should not attempt to process an Entry with IsEncrypted is True. > > If the archive is encrypted with encrypted filenames then catching SharpCompresses CryptographicException when no password is set indicates it's passworded. #663 aligns 7zip to this behaviour also. > > I've only tested this behaviour with Archive Open(), but is should be the same for RarReader too. Yes, it makes sense not to open an encrypted entry, but as I said, `MoveToNextEntry` itself throws the exception. Iterating the entries and retrieving their metadata should be still valid even without a password.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

release

adam/merge-release-to-master

dependabot/nuget/xunit.v3-3.2.2

adam/more-explode-async

copilot/fix-infinite-loop-rar-archive

adam/data-descriptor-fix

adam/fix-tests-with-proper-rewind

copilot/fix-data-descriptor-stream-bug

adam/lmza-investigation

adam/create-rar-async

adam/async-rar2

copilot/support-multi-threading-path

copilot/sub-pr-1132-again

adam/memory-perf

copilot/add-performance-benchmarking

copilot/sub-pr-1121

copilot/add-password-support-zip-files

copilot/add-so-optimized-zip-support

adam/rar-async-only

copilot/add-buffered-stream-async-read

copilot/sub-pr-1076

copilot/fix-decompression-exception

copilot/fix-archivefactory-issue

copilot/rationalize-sourcestream-volumes

adam/open-async

copilot/add-ace-archive-support

copilot/sub-pr-1040-again

adam/more-async-3

copilot/fix-tararchive-incomplete-iteration

adam/multi-threaded

copilot/sub-pr-1040

adam/awesome-copilot

copilot/fix-ziparchive-extraction-issue

copilot/fix-tararchive-open-crash

copilot/fix-tar-xz-file-reading-issue

copilot/setup-copilot-instructions

copilot/fix-decompression-performance-issue

copilot/convert-stream-access-to-async

adam/enable-agent

adam/async-deflate

adam/async-rar

adam/more-cleanup

adam/zstd

async-2

zstandard

net461-tests

dmg

async

build-netcore3

recycle-memory-stream

presentation

pax

netcore2

zip_encryption

dotnet-tool

tar_redux

native_zlib

Issue-197

system_buffers

TarNames

7zip_sfx

portable_crypto

WinRT

new_7zip

0.44.5

0.44.4

0.44.3

0.44.2

0.44.1

0.44.0

0.43.0

0.42.1

0.42.0

0.41.0

0.40.0

0.39.0

0.38.0

0.37.2

0.37.1

0.37.0

0.36.0

0.35.0

0.34.2

0.34.1

0.34.0

0.33.0

0.32.2

0.32.1

0.32

0.31

0.30.1

0.30

0.29

0.29.0

0.28.3

0.28.2

0.28.1

0.28

0.27.1

0.27

0.26

0.25.1

0.25

0.24

0.23

0.22

0.21.1

0.21

0.21.0

0.20.0

0.19.2

0.19.1

0.19

0.18.2

0.18.1

0.18

0.17.1

0.17.0

0.16.2

0.16.1

0.16.0

0.15.2

0.15.1

0.15.0

0.14.1

0.14.0

0.13.1

0.13.0

0.12.4

0.12.3

0.12.2

0.12.1

0.12.0

0.11.6

0.11.5

0.11.4

0.11.3

0.11.2

0.11.1

0.11

0.10.3

0.10.2

0.10.1.3

0.10.1.2

0.10.1.1

0.10.1

0.10

0.9

Labels

Clear labels

bug

duplicate

enhancement

feedback requested

not bug

pull-request

Mirrored from GitHub Pull Request

question

up for grabs

wontfix

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

claunia

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/sharpcompress#461