OASIS Open Document Format for Office Applications (OpenDocument) TC

  • 1.  Re: [office] RE: Directories in Zip packages

    Posted 09-27-2010 09:58
    Hi all
    
    I've just been working through the helloworld.odt file with emacs (in
    hexl-mode) with the appnote alongside.  Primitive I know, but anyway
    ..
    
    My take on what I am seeing is that it *should* be obvious what to
    sign and what not to sign by looking at the "uncompressed size" field
    of each local file header - one hopes if uncompressed size=0 then
    compressed size will also equal zero.  This at least is the case of
    the file I am looking at.  And I believe the signature references are
    references to the content of streams.
    
    So one (fairly low level algorithm) would be to iterate through all
    the local file headers and provide a signature reference to all those
    with uncompressed size>0 ie. which actually have file data sections to
    sign.
    
    The implication of this would be that empty files and directory
    entries could be removed from (or added to) the zip archive without
    breaking the signature.  I would have to think some more on how bad
    this might be but I suspect that its not altogether good (I'm having
    visions of injecting 1000's of circular directory references).  ODF
    producers do not use winzip, pkzip or 7zip to create the packages so
    in general there should be fine grained control over which entries go
    into the zip.  Is it too much to recommend that ODF producers *should
    not* add entries for empty directories and empty files.  I might be
    wrong, but I suspect an odf consumer does not use such entries for any
    purpose whatsoever in which case they are better not to be there.  I
    am fairly confident this is the case for directory entries - not 100%
    sure about 0 length files.
    
    Regards
    Bob
    
    On 27 September 2010 01:30, Dennis E. Hamilton 


  • 2.  RE: [office] RE: Directories in Zip packages

    Posted 09-27-2010 17:41
    An issue might be referenced files. I think for 'primary' files (defined as those directly referenced by manifest.xml), then adding new things may not be a problem. This would seem to me to not change either the content or appearance of the document.
    
    Where I think we may get into trouble is if a primary file has a link to a secondary file, also contained in the archive. If that were 0-length to start with, and then got changed into something with content, then it could change the content or appearance.
    
    Given that we don't have time right now to do really extensive work in terms of tracking down what may change the content or appearance, I think anything that qualifies as a file (and not an empty directory) should be signed in order to keep things simple.
    
    ________________________________________
    From: Bob Jolliffe [bobjolliffe@gmail.com]
    Sent: Monday, September 27, 2010 2:57 AM
    To: dennis.hamilton@acm.org
    Cc: Hanssens Bart; David LeBlanc; office@lists.oasis-open.org; Cornelis Frank
    Subject: Re: [office] RE: Directories in Zip packages
    
    Hi all
    
    I've just been working through the helloworld.odt file with emacs (in
    hexl-mode) with the appnote alongside.  Primitive I know, but anyway
    ..
    
    My take on what I am seeing is that it *should* be obvious what to
    sign and what not to sign by looking at the "uncompressed size" field
    of each local file header - one hopes if uncompressed size=0 then
    compressed size will also equal zero.  This at least is the case of
    the file I am looking at.  And I believe the signature references are
    references to the content of streams.
    
    So one (fairly low level algorithm) would be to iterate through all
    the local file headers and provide a signature reference to all those
    with uncompressed size>0 ie. which actually have file data sections to
    sign.
    
    The implication of this would be that empty files and directory
    entries could be removed from (or added to) the zip archive without
    breaking the signature.  I would have to think some more on how bad
    this might be but I suspect that its not altogether good (I'm having
    visions of injecting 1000's of circular directory references).  ODF
    producers do not use winzip, pkzip or 7zip to create the packages so
    in general there should be fine grained control over which entries go
    into the zip.  Is it too much to recommend that ODF producers *should
    not* add entries for empty directories and empty files.  I might be
    wrong, but I suspect an odf consumer does not use such entries for any
    purpose whatsoever in which case they are better not to be there.  I
    am fairly confident this is the case for directory entries - not 100%
    sure about 0 length files.
    
    Regards
    Bob
    
    On 27 September 2010 01:30, Dennis E. Hamilton