Leave a comment at the end of this page or email contact@krishagni.com
ZIP Bombs
What is a ZIP bomb?
Despite the name, a ZIP bomb is not a physical weapon. It is a software-based attack in which a seemingly small ZIP file expands disproportionately when decompressed, disrupting the system that unpacks it.
A ZIP bomb can:
a) Extract into a large number of files, overwhelming the file system.
b) Consume excessive disk space, filling storage disproportionately.
c) Do both, leading to system slowdown or failure.
For example, a ZIP file as small as 1 KB could expand to 10 GB or 100 GB when decompressed, or generate thousands of files, consuming critical file system metadata space.
How does OpenSpecimen detect whether the input ZIP is a bomb or not?
OpenSpecimen does not inflate the entire ZIP file at once. Instead, it inflates each entry chunk by chunk, 8 KB at a time. After every chunk, OpenSpecimen computes the compression ratio (the inflated size so far divided by the compressed file size). If, at any point during inflation, the ratio exceeds 10, the input file is treated as a ZIP bomb and an error is reported to the user. Example error messages are shown below:
In addition, OpenSpecimen rejects any ZIP that contains more than 100 entries or whose total inflated size exceeds 1 GB.
Error when the count of entries in the ZIP file exceeds 100
Error when the inflated size exceeds 1 GB
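The three checks described above (8 KB chunked inflation with a running compression ratio capped at 10, at most 100 entries, at most 1 GB inflated in total), as an added Python illustration that is not OpenSpecimen's own code. The sample ZIPs are constructed in memory; the entry names and the early return on an empty entry (compressed size 0, which has no meaningful ratio) are assumptions of this example.

```python
import io
import random
import zipfile
from typing import Dict, Optional

CHUNK_SIZE = 8 * 1024      # inflate 8 KB at a time
MAX_RATIO = 10             # inflated bytes / compressed bytes
MAX_ENTRIES = 100
MAX_INFLATED = 1024 ** 3   # 1 GB, summed over all entries


def check_zip(data: bytes) -> Optional[str]:
    """Inflate each entry 8 KB at a time. Return the reason the ZIP is
    rejected, or None when all three limits are respected."""
    total = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
        if len(infos) > MAX_ENTRIES:
            return f"{len(infos)} entries > {MAX_ENTRIES}"
        for info in infos:
            inflated = 0
            with zf.open(info) as stream:
                while chunk := stream.read(CHUNK_SIZE):
                    inflated += len(chunk)
                    total += len(chunk)
                    # Ratio is re-checked after every chunk, so a bomb is
                    # rejected early. An empty entry (compress_size 0) has no ratio.
                    if info.compress_size and inflated / info.compress_size > MAX_RATIO:
                        return f"{info.filename}: ratio > {MAX_RATIO}"
                    if total > MAX_INFLATED:
                        return f"inflated size > {MAX_INFLATED} bytes"
    return None


def make_zip(entries: Dict[str, bytes]) -> bytes:
    """Build an in-memory deflated ZIP (constructed input, not a real upload)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: pseudo-random bytes barely compress (ratio about 1);
# 1 MB of zeros compresses roughly a thousandfold and trips the ratio check.
_rng = random.Random(0)
SAFE_ZIP = make_zip({"sample.bin": bytes(_rng.getrandbits(8) for _ in range(4096))})
BOMB_ZIP = make_zip({"zeros.bin": b"\0" * (1 << 20)})
MANY_ZIP = make_zip({f"f{i}.txt": b"x" for i in range(MAX_ENTRIES + 1)})
```

Because the ratio is evaluated after every 8 KB chunk, the 1 MB zero-filled entry is rejected after only a few chunks rather than after being fully inflated.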