From bbdbb717efede5350dbd42245d96790febf78542 Mon Sep 17 00:00:00 2001
From: Seth Michael Larson <seth@python.org>
Date: Fri, 10 Oct 2025 16:21:25 -0500
Subject: [PATCH 1/3] Further lock-down ZIP archive features

---
 tests/unit/utils/test_zipfiles.py             |  36 ++++-
 tests/unit/utils/zipdata/accept/empty.zip     | Bin 0 -> 22 bytes
 .../unit/utils/zipdata/reject/cd_comment.zip  | Bin 0 -> 113 bytes
 .../{accept => reject}/data_descriptor.zip    | Bin
 .../data_descriptor_bad_crc.zip               | Bin
 .../data_descriptor_bad_csize.zip             | Bin
 .../data_descriptor_bad_usize.zip             | Bin
 .../data_descriptor_bad_usize_no_sig.zip      | Bin
 .../data_descriptor_zip64.zip                 | Bin
 .../data_descriptor_zip64_csize.zip           | Bin
 .../data_descriptor_zip64_usize.zip           | Bin
 warehouse/utils/zipfiles.py                   | 138 +++++++++++++-----
 12 files changed, 137 insertions(+), 37 deletions(-)
 create mode 100644 tests/unit/utils/zipdata/accept/empty.zip
 create mode 100644 tests/unit/utils/zipdata/reject/cd_comment.zip
 rename tests/unit/utils/zipdata/{accept => reject}/data_descriptor.zip (100%)
 rename tests/unit/utils/zipdata/{accept => reject}/data_descriptor_bad_crc.zip (100%)
 rename tests/unit/utils/zipdata/{accept => reject}/data_descriptor_bad_csize.zip (100%)
 rename tests/unit/utils/zipdata/{accept => reject}/data_descriptor_bad_usize.zip (100%)
 rename tests/unit/utils/zipdata/{accept => reject}/data_descriptor_bad_usize_no_sig.zip (100%)
 rename tests/unit/utils/zipdata/{accept => reject}/data_descriptor_zip64.zip (100%)
 rename tests/unit/utils/zipdata/{accept => reject}/data_descriptor_zip64_csize.zip (100%)
 rename tests/unit/utils/zipdata/{accept => reject}/data_descriptor_zip64_usize.zip (100%)

diff --git a/tests/unit/utils/test_zipfiles.py b/tests/unit/utils/test_zipfiles.py
index 6e64d5b8f363..c269284133b1 100644
--- a/tests/unit/utils/test_zipfiles.py
+++ b/tests/unit/utils/test_zipfiles.py
@@ -23,7 +23,18 @@ def zippath(filename: str):
         ("reject/8bitcomment.zip", "Filename not in central directory"),
         ("reject/cd_extra_entry.zip", "Duplicate filename in central directory"),
         ("reject/cd_missing_entry.zip", "Filename not in central directory"),
-        ("reject/data_descriptor_bad_crc_0.zip", "Unknown record signature"),
+        ("reject/data_descriptor.zip", "ZIP contains a data descriptor"),
+        ("reject/data_descriptor_bad_crc.zip", "ZIP contains a data descriptor"),
+        ("reject/data_descriptor_bad_crc_0.zip", "ZIP contains a data descriptor"),
+        ("reject/data_descriptor_bad_csize.zip", "ZIP contains a data descriptor"),
+        ("reject/data_descriptor_bad_usize.zip", "ZIP contains a data descriptor"),
+        (
+            "reject/data_descriptor_bad_usize_no_sig.zip",
+            "ZIP contains a data descriptor",
+        ),
+        ("reject/data_descriptor_zip64.zip", "ZIP contains a data descriptor"),
+        ("reject/data_descriptor_zip64_csize.zip", "ZIP contains a data descriptor"),
+        ("reject/data_descriptor_zip64_usize.zip", "ZIP contains a data descriptor"),
         ("reject/dupe_eocd.zip", "Truncated central directory"),
         (
             "reject/eocd64_locator_mismatch.zip",
@@ -37,10 +48,10 @@ def zippath(filename: str):
         ("reject/non_ascii_original_name.zip", "Filename not unicode"),
         ("reject/not.zip", "File is not a zip file"),
         ("reject/prefix.zip", "Unknown record signature"),
-        ("reject/second_unicode_extra.zip", "Filename not in central directory"),
+        ("reject/second_unicode_extra.zip", "Invalid duplicate extra in local file"),
         ("reject/shortextra.zip", "Corrupt extra field 7075 (size=9)"),
         ("reject/suffix_not_comment.zip", "Trailing data"),
-        ("reject/unicode_extra_chain.zip", "Filename not in central directory"),
+        ("reject/unicode_extra_chain.zip", "Invalid duplicate extra in local file"),
         ("reject/wheel-1.0-py3-none-any.whl", "Duplicate filename in local headers"),
         ("reject/zip64_eocd_confusion.zip", "Filename not in central directory"),
         ("reject/zip64_eocd_extensible_data.zip", "Bad offset for central directory"),
@@ -70,8 +81,8 @@ def test_bad_zips(filename, error):
 @pytest.mark.parametrize("filename", list(os.listdir(ZIPDATA_DIR / "accept")))
 def test_good_zips(filename):
     result = zipfiles.validate_zipfile(zippath(f"accept/{filename}"))
-    assert result[0] is True
     assert result[1] is None
+    assert result[0] is True
 
 
 def test_local_file_header():
@@ -151,3 +162,20 @@ def test_local_file_header_zip64_extra_no_compressed_size_nok_using_deflate():
     fp = io.BytesIO(header + b"a" + extra + b"a")
     with pytest.raises(zipfiles.InvalidZipFileError):
         zipfiles._handle_local_file_header(fp, {"a": 0})
+
+
+def test_local_file_invalid_filename():
+    header = struct.pack("<xxHHxxxxxxxxLxxxxHxx", 0, 0, 0xFFFFFFFF, 1)
+    fp = io.BytesIO(header + b"\x7f")
+    with pytest.raises(zipfiles.InvalidZipFileError) as e:
+        zipfiles._handle_local_file_header(fp, {"a": 0})
+    assert str(e.value) == "Invalid character in filename"
+
+
+def test_local_file_invalid_filename_in_unicode_extra():
+    extra = struct.pack("<HHxxxxxxxx", 0x7075, 8)
+    header = struct.pack("<xxHHxxxxxxxxLxxxxHH", 0, 0, 0, 1, len(extra))
+    fp = io.BytesIO(header + b"a" + extra)
+    with pytest.raises(zipfiles.InvalidZipFileError) as e:
+        zipfiles._handle_local_file_header(fp, {"a": 0})
+    assert str(e.value) == "Invalid character in filename"
diff --git a/tests/unit/utils/zipdata/accept/empty.zip b/tests/unit/utils/zipdata/accept/empty.zip
new file mode 100644
index 0000000000000000000000000000000000000000..15cb0ecb3e219d1701294bfdf0fe3f5cb5d208e7
GIT binary patch
literal 22
NcmWIWW@Tf*000g10H*)|

literal 0
HcmV?d00001

diff --git a/tests/unit/utils/zipdata/reject/cd_comment.zip b/tests/unit/utils/zipdata/reject/cd_comment.zip
new file mode 100644
index 0000000000000000000000000000000000000000..3f38454f6f45b46d3ae1400695f1d6cb1928a972
GIT binary patch
literal 113
zcmWIWW@Zs#fB;2?0Im1yIDi}wW(MN4{QShE<doF3^o#&+MkWzv+)5cCW-v5>89<Hy
S1H4(;K!S`wXb7Y=!72ce-ws6p

literal 0
HcmV?d00001

diff --git a/tests/unit/utils/zipdata/accept/data_descriptor.zip b/tests/unit/utils/zipdata/reject/data_descriptor.zip
similarity index 100%
rename from tests/unit/utils/zipdata/accept/data_descriptor.zip
rename to tests/unit/utils/zipdata/reject/data_descriptor.zip
diff --git a/tests/unit/utils/zipdata/accept/data_descriptor_bad_crc.zip b/tests/unit/utils/zipdata/reject/data_descriptor_bad_crc.zip
similarity index 100%
rename from tests/unit/utils/zipdata/accept/data_descriptor_bad_crc.zip
rename to tests/unit/utils/zipdata/reject/data_descriptor_bad_crc.zip
diff --git a/tests/unit/utils/zipdata/accept/data_descriptor_bad_csize.zip b/tests/unit/utils/zipdata/reject/data_descriptor_bad_csize.zip
similarity index 100%
rename from tests/unit/utils/zipdata/accept/data_descriptor_bad_csize.zip
rename to tests/unit/utils/zipdata/reject/data_descriptor_bad_csize.zip
diff --git a/tests/unit/utils/zipdata/accept/data_descriptor_bad_usize.zip b/tests/unit/utils/zipdata/reject/data_descriptor_bad_usize.zip
similarity index 100%
rename from tests/unit/utils/zipdata/accept/data_descriptor_bad_usize.zip
rename to tests/unit/utils/zipdata/reject/data_descriptor_bad_usize.zip
diff --git a/tests/unit/utils/zipdata/accept/data_descriptor_bad_usize_no_sig.zip b/tests/unit/utils/zipdata/reject/data_descriptor_bad_usize_no_sig.zip
similarity index 100%
rename from tests/unit/utils/zipdata/accept/data_descriptor_bad_usize_no_sig.zip
rename to tests/unit/utils/zipdata/reject/data_descriptor_bad_usize_no_sig.zip
diff --git a/tests/unit/utils/zipdata/accept/data_descriptor_zip64.zip b/tests/unit/utils/zipdata/reject/data_descriptor_zip64.zip
similarity index 100%
rename from tests/unit/utils/zipdata/accept/data_descriptor_zip64.zip
rename to tests/unit/utils/zipdata/reject/data_descriptor_zip64.zip
diff --git a/tests/unit/utils/zipdata/accept/data_descriptor_zip64_csize.zip b/tests/unit/utils/zipdata/reject/data_descriptor_zip64_csize.zip
similarity index 100%
rename from tests/unit/utils/zipdata/accept/data_descriptor_zip64_csize.zip
rename to tests/unit/utils/zipdata/reject/data_descriptor_zip64_csize.zip
diff --git a/tests/unit/utils/zipdata/accept/data_descriptor_zip64_usize.zip b/tests/unit/utils/zipdata/reject/data_descriptor_zip64_usize.zip
similarity index 100%
rename from tests/unit/utils/zipdata/accept/data_descriptor_zip64_usize.zip
rename to tests/unit/utils/zipdata/reject/data_descriptor_zip64_usize.zip
diff --git a/warehouse/utils/zipfiles.py b/warehouse/utils/zipfiles.py
index 8ca10422f3bc..3774f9db37d9 100644
--- a/warehouse/utils/zipfiles.py
+++ b/warehouse/utils/zipfiles.py
@@ -12,6 +12,14 @@
 RECORD_SIG_EOCD64_LOCATOR = b"\x50\x4b\x06\x07"
 RECORD_SIG_DATA_DESCRIPTOR = b"\x50\x4b\x07\x08"
 
+# Extras that shouldn't be duplicated.
+DISALLOW_DUPLICATE_EXTRA_IDS = {
+    0x0001,  # ZIP64 extended info
+    0x7075,  # Info-ZIP Unicode Path
+}
+# Unprintable characters we disallow from filenames.
+UNPRINTABLE_CHARS = set(range(0x00, 0x20)) | {0x7F}
+
 
 class InvalidZipFileError(Exception):
     """Internal exception used by this module"""
@@ -37,6 +45,10 @@ def _read_check(fp: typing.IO[bytes], amt: int, /) -> bytes:
     return data
 
 
+def _contains_unprintable_chars(value: bytes) -> bool:
+    return any(ch in UNPRINTABLE_CHARS for ch in value)
+
+
 def _handle_local_file_header(
     fp: typing.IO[bytes], zipfile_files_and_sizes: dict[str, int]
 ) -> bytes:
@@ -53,16 +65,22 @@ def _handle_local_file_header(
     filename = _read_check(fp, filename_size)
     extra = _read_check(fp, extra_size)
 
+    if _contains_unprintable_chars(filename):
+        raise InvalidZipFileError("Invalid character in filename")
+
     # Search for the ZIP64 extension in extras.
-    is_zip64 = False
+    seen_extra_ids = set()
     while extra:
         if len(extra) < 4:
             raise InvalidZipFileError("Malformed zip file")
-        extra_header, extra_data_size = struct.unpack("<HH", extra[:4])
+        extra_id, extra_data_size = struct.unpack("<HH", extra[:4])
         if extra_data_size + 4 > len(extra):
             raise InvalidZipFileError("Malformed zip file")
-        if extra_header == 0x0001:
-            is_zip64 = True
+        if extra_id in seen_extra_ids and extra_id in DISALLOW_DUPLICATE_EXTRA_IDS:
+            raise InvalidZipFileError("Invalid duplicate extra in local file")
+        seen_extra_ids.add(extra_id)
+
+        if extra_id == 0x0001:
 
             # ZIP64 extras must be one of these lengths.
             if extra_data_size not in (0, 8, 16, 24, 28):
@@ -89,17 +107,32 @@ def _handle_local_file_header(
                 # We receive an explicit compressed ZIP64 size.
                 # This is the second field in the extra data.
                 (compressed_size,) = struct.unpack("<Q", extra[12:20])
-            break
+
+        elif extra_id == 0x7075:
+            # Info ZIP Unicode Path Extra layout
+            # 0x7075        2 bytes
+            # TSize         2 bytes
+            # Version       1 byte
+            # NameCRC32     4 bytes
+            # UnicodeName   TSize - 5
+            unicode_name = extra[9 : 4 + extra_data_size]
+            if _contains_unprintable_chars(unicode_name):
+                raise InvalidZipFileError("Invalid character in filename")
+            try:
+                unicode_name.decode("utf-8")
+            except UnicodeError:
+                raise InvalidZipFileError("Filename not unicode")
+
         extra = extra[extra_data_size + 4 :]
 
     # If the local file is using streaming mode then
     # use the compression size from central directory.
     has_data_descriptor = gpbf & 0x08
+    if has_data_descriptor:
+        raise InvalidZipFileError("ZIP contains a data descriptor")
     try:
         filename_as_str = filename.decode("utf-8")
-        if has_data_descriptor and compressed_size == 0:
-            compressed_size = zipfile_files_and_sizes[filename_as_str]
-        elif zipfile_files_and_sizes[filename_as_str] != compressed_size:
+        if zipfile_files_and_sizes[filename_as_str] != compressed_size:
             raise InvalidZipFileError("Mis-matched data size")
     except UnicodeError:
         raise InvalidZipFileError("Filename not unicode")
@@ -108,22 +141,10 @@ def _handle_local_file_header(
 
     _seek_check(fp, compressed_size)
 
-    if has_data_descriptor:
-        # 4 byte data descriptor header is optional... :-(
-        # There is always a 4 byte CRC.
-        # If the archive is ZIP64, both size fields are 8 bytes
-        # otherwise they are 4 bytes.
-        maybe_data_descriptor_header = _read_check(fp, 4)
-        data_descriptor_remaining = 16 if is_zip64 else 8
-        # The first 4 bytes are either the header or the CRC.
-        if maybe_data_descriptor_header == RECORD_SIG_DATA_DESCRIPTOR:
-            data_descriptor_remaining += 4
-        _seek_check(fp, data_descriptor_remaining)
-
     return filename
 
 
-def _handle_central_directory_header(fp: typing.IO[bytes]) -> bytes:
+def _handle_central_directory_header(fp: typing.IO[bytes]) -> tuple[bytes, bytes]:
     """
     Parses the body of a Central Directory (CD) header.
     Returns the contained filename field of the record.
@@ -134,13 +155,18 @@ def _handle_central_directory_header(fp: typing.IO[bytes]) -> bytes:
     compressed_size, filename_size, extra_size, comment_size, offset = struct.unpack(
         "<xxxxxxxxxxxxxxxxLxxxxHHHxxxxxxxxL", data
     )
+    if comment_size != 0:
+        raise InvalidZipFileError("Comment in central directory")
     filename = _read_check(fp, filename_size)
-    _seek_check(fp, extra_size)
-    _seek_check(fp, comment_size)
-    return filename
+    extra = _read_check(fp, extra_size)
+
+    if _contains_unprintable_chars(filename):
+        raise InvalidZipFileError("Invalid character in filename")
+
+    return filename, extra
 
 
-def _handle_eocd(fp: typing.IO[bytes]) -> None:
+def _handle_eocd(fp: typing.IO[bytes]) -> tuple[int, int, int]:
     """
     Parses the body of an End of Central Directory (EOCD) record.
 
@@ -148,21 +174,32 @@ def _handle_eocd(fp: typing.IO[bytes]) -> None:
     """
     data = _read_check(fp, 18)
     (
+        cd_records_on_disk,
+        cd_records,
+        cd_size,
         cd_offset,
         comment_size,
-    ) = struct.unpack("<xxxxxxxxxxxxLH", data)
+    ) = struct.unpack("<xxxxHHLLH", data)
+    if cd_records_on_disk != cd_records:
+        raise InvalidZipFileError("Malformed zip file")
     _seek_check(fp, comment_size)
+    return cd_records, cd_size, cd_offset
 
 
-def _handle_eocd64(fp: typing.IO[bytes]) -> None:
+def _handle_eocd64(fp: typing.IO[bytes]) -> tuple[int, int, int]:
     """
     Parses the body of an ZIP64 End of Central Directory (EOCD64) record.
 
     See section 4.3.14 of APPNOTE.TXT.
     """
-    data = _read_check(fp, 8)
-    (eocd64_size,) = struct.unpack("<Q", data[:8])
-    _seek_check(fp, eocd64_size)
+    data = _read_check(fp, 52)
+    (eocd64_size, cd_records_on_disk, cd_records, cd_size, cd_offset) = struct.unpack(
+        "<QxxxxxxxxxxxxQQQQ", data
+    )
+    if cd_records_on_disk != cd_records:
+        raise InvalidZipFileError("Malformed zip file")
+    _seek_check(fp, eocd64_size - 44)
+    return cd_records, cd_size, cd_offset
 
 
 def _handle_eocd64_locator(fp: typing.IO[bytes]) -> int:
@@ -215,6 +252,17 @@ def validate_zipfile(zip_filepath: str) -> tuple[bool, str | None]:
         expected_eocd64_offset = None
         actual_eocd64_offset = None
 
+        # Track the number of CD records
+        # and their sizes.
+        cd_records = 0
+        cd_offset = None
+        cd_size = 0
+
+        # Values from EOCD or EOCD64.
+        eocd_cd_records = None
+        eocd_cd_offset = None
+        eocd_cd_size = None
+
         while True:
             try:
                 signature = _read_check(fp, 4)
@@ -244,7 +292,14 @@ def validate_zipfile(zip_filepath: str) -> tuple[bool, str | None]:
 
                 # Central Directory File Header
                 if signature == RECORD_SIG_CENTRAL_DIRECTORY:
-                    filename = _handle_central_directory_header(fp)
+                    # Record the first CD record we find as
+                    # the start of the central directory.
+                    if cd_offset is None:
+                        cd_offset = fp.tell() - 4
+                    cd_records += 1
+
+                    filename, extra = _handle_central_directory_header(fp)
+                    cd_size += 46 + len(filename) + len(extra)
                     if filename in cd_filenames:
                         raise InvalidZipFileError(
                             "Duplicate filename in central directory"
@@ -262,7 +317,24 @@ def validate_zipfile(zip_filepath: str) -> tuple[bool, str | None]:
 
                 # End of Central Directory
                 elif signature == RECORD_SIG_EOCD:
-                    _handle_eocd(fp)
+                    # If the ZIP is empty then we expect
+                    # to see zero CD entries.
+                    if cd_offset is None:
+                        cd_offset = fp.tell() - 4
+
+                    # If this archive is ZIP64 we use the values
+                    # from the EOCD64 values, otherwise use EOCD values.
+                    if actual_eocd64_offset is not None and eocd_cd_offset is not None:
+                        _handle_eocd(fp)
+                    else:
+                        eocd_cd_records, eocd_cd_size, eocd_cd_offset = _handle_eocd(fp)
+
+                    if eocd_cd_records != cd_records:
+                        raise InvalidZipFileError("Malformed zip file")
+                    if cd_offset is None or eocd_cd_offset != cd_offset:
+                        raise InvalidZipFileError("Malformed zip file")
+                    if cd_size is None or eocd_cd_size != cd_size:
+                        raise InvalidZipFileError("Malformed zip file")
                     break  # This always means the end of a ZIP.
 
                 # End of Central Directory (ZIP64)
@@ -271,7 +343,7 @@ def validate_zipfile(zip_filepath: str) -> tuple[bool, str | None]:
                     # we see EOCD64 Locator later.
                     # -4 because we just read signature bytes.
                     expected_eocd64_offset = fp.tell() - 4
-                    _handle_eocd64(fp)
+                    eocd_cd_records, eocd_cd_size, eocd_cd_offset = _handle_eocd64(fp)
 
                 # End of Central Directory (ZIP64) Locator
                 elif signature == RECORD_SIG_EOCD64_LOCATOR:

From 81bfcf7e17d5283a49a6b9ecb193d251210dd2b1 Mon Sep 17 00:00:00 2001
From: Seth Michael Larson <seth@python.org>
Date: Thu, 16 Oct 2025 09:37:33 -0500
Subject: [PATCH 2/3] Get 100% coverage

---
 tests/unit/utils/test_zipfiles.py | 166 ++++++++++++++++++++++++++++++
 warehouse/utils/zipfiles.py       |  18 ++--
 2 files changed, 178 insertions(+), 6 deletions(-)

diff --git a/tests/unit/utils/test_zipfiles.py b/tests/unit/utils/test_zipfiles.py
index c269284133b1..4540e4d6a5dd 100644
--- a/tests/unit/utils/test_zipfiles.py
+++ b/tests/unit/utils/test_zipfiles.py
@@ -4,6 +4,7 @@
 import os
 import pathlib
 import struct
+import tempfile
 
 import pytest
 
@@ -179,3 +180,168 @@ def test_local_file_invalid_filename_in_unicode_extra():
     with pytest.raises(zipfiles.InvalidZipFileError) as e:
         zipfiles._handle_local_file_header(fp, {"a": 0})
     assert str(e.value) == "Invalid character in filename"
+
+
+def test_local_file_invalid_filename_utf8():
+    extra = struct.pack("<HHxxxxx", 0x7075, 6) + b"\xf7"
+    header = struct.pack("<xxHHxxxxxxxxLxxxxHH", 0, 0, 0, 1, len(extra))
+    fp = io.BytesIO(header + b"a" + extra)
+    with pytest.raises(zipfiles.InvalidZipFileError) as e:
+        zipfiles._handle_local_file_header(fp, {"a": 0})
+    assert str(e.value) == "Filename not valid UTF-8"
+
+
+def test_local_file_multiple_extras():
+    extras = struct.pack("<HH", 0x7075, 1) + b"a" + struct.pack("<HHxxxx", 0x0002, 4)
+    header = struct.pack("<xxHHxxxxxxxxLxxxxHH", 0, 0, 0, 1, len(extras))
+    fp = io.BytesIO(header + b"a" + extras)
+    filename = zipfiles._handle_local_file_header(fp, {"a": 0})
+    assert filename == b"a"
+
+
+def test_cd_with_comment_rejected():
+    data = struct.pack("<xxxxxxxxxxxxxxxxLxxxxHHHxxxxxxxxL", 0, 1, 0, 1, 0)
+    fp = io.BytesIO(data)
+    with pytest.raises(zipfiles.InvalidZipFileError) as e:
+        zipfiles._handle_central_directory_header(fp)
+    assert str(e.value) == "Comment in central directory"
+
+
+def test_cd_with_invalid_filename():
+    data = struct.pack("<xxxxxxxxxxxxxxxxLxxxxHHHxxxxxxxxL", 0, 1, 0, 0, 0) + b"\x00"
+    fp = io.BytesIO(data)
+    with pytest.raises(zipfiles.InvalidZipFileError) as e:
+        zipfiles._handle_central_directory_header(fp)
+    assert str(e.value) == "Invalid character in filename"
+
+
+def test_eocd_mismatched_records_on_disk():
+    data = struct.pack("<xxxxHHLLH", 100, 1, 0, 0, 0)
+    fp = io.BytesIO(data)
+    with pytest.raises(zipfiles.InvalidZipFileError) as e:
+        zipfiles._handle_eocd(fp)
+    assert str(e.value) == "Malformed zip file"
+
+
+def test_eocd64_mismatched_records_on_disk():
+    data = struct.pack("<QxxxxxxxxxxxxQQQQ", 0, 100, 1, 0, 0)
+    fp = io.BytesIO(data)
+    with pytest.raises(zipfiles.InvalidZipFileError) as e:
+        zipfiles._handle_eocd64(fp)
+    assert str(e.value) == "Malformed zip file"
+
+
+def test_cd_and_eocd_match():
+    data_lf = (
+        zipfiles.RECORD_SIG_LOCAL_FILE
+        + struct.pack("<xxHHHxxxxxxLxxxxHH", 0, 0, 20, 0, 1, 0)
+        + b"a"
+    )
+    data_cd = (
+        zipfiles.RECORD_SIG_CENTRAL_DIRECTORY
+        + struct.pack("<HHxxxxxxxxxxxxLxxxxHHHxxxxxxxxL", 20, 20, 0, 1, 0, 0, 0)
+        + b"a"
+    )
+    cd_records = 1
+    cd_offset = len(data_lf)
+    cd_size = len(data_cd)
+    data_eocd = zipfiles.RECORD_SIG_EOCD + struct.pack(
+        "<xxxxHHLLH", cd_records, cd_records, cd_size, cd_offset, 0
+    )
+    data = data_lf + data_cd + data_eocd
+    with tempfile.NamedTemporaryFile(mode="wb") as tmp:
+        tmp.write(data)
+        tmp.flush()
+        assert (True, None) == zipfiles.validate_zipfile(tmp.name)
+
+
+@pytest.mark.parametrize(
+    ("cd_records", "error"),
+    [
+        (0, "Mismatched central directory records"),
+        (2, "Mismatched central directory records"),
+    ],
+)
+def test_cd_and_eocd_mismatch_records(cd_records, error):
+    data_lf = (
+        zipfiles.RECORD_SIG_LOCAL_FILE
+        + struct.pack("<xxHHHxxxxxxLxxxxHH", 0, 0, 20, 0, 1, 0)
+        + b"a"
+    )
+    data_cd = (
+        zipfiles.RECORD_SIG_CENTRAL_DIRECTORY
+        + struct.pack("<HHxxxxxxxxxxxxLxxxxHHHxxxxxxxxL", 20, 20, 0, 1, 0, 0, 0)
+        + b"a"
+    )
+    cd_offset = len(data_lf)
+    cd_size = len(data_cd)
+    data_eocd = zipfiles.RECORD_SIG_EOCD + struct.pack(
+        "<xxxxHHLLH", cd_records, cd_records, cd_size, cd_offset, 0
+    )
+    data = data_lf + data_cd + data_eocd
+    with tempfile.NamedTemporaryFile(mode="wb") as tmp:
+        tmp.write(data)
+        tmp.flush()
+        assert (False, error) == zipfiles.validate_zipfile(tmp.name)
+
+
+@pytest.mark.parametrize(
+    ("cd_offset_diff", "error"),
+    [
+        (-1, "Mismatched central directory offset"),
+        (1, "Mismatched central directory offset"),
+    ],
+)
+def test_cd_and_eocd_mismatch_offset(cd_offset_diff, error):
+    data_lf = (
+        zipfiles.RECORD_SIG_LOCAL_FILE
+        + struct.pack("<xxHHHxxxxxxLxxxxHH", 0, 0, 20, 0, 1, 0)
+        + b"a"
+    )
+    data_cd = (
+        zipfiles.RECORD_SIG_CENTRAL_DIRECTORY
+        + struct.pack("<HHxxxxxxxxxxxxLxxxxHHHxxxxxxxxL", 20, 20, 0, 1, 0, 0, 0)
+        + b"a"
+    )
+    cd_records = 1
+    cd_offset = len(data_lf) + cd_offset_diff
+    cd_size = len(data_cd)
+    data_eocd = zipfiles.RECORD_SIG_EOCD + struct.pack(
+        "<xxxxHHLLH", cd_records, cd_records, cd_size, cd_offset, 0
+    )
+    data = data_lf + data_cd + data_eocd
+    with tempfile.NamedTemporaryFile(mode="wb") as tmp:
+        tmp.write(data)
+        tmp.flush()
+        assert (False, error) == zipfiles.validate_zipfile(tmp.name)
+
+
+@pytest.mark.parametrize(
+    ("cd_size_diff", "error"),
+    [
+        (-1, "Bad magic number for central directory"),
+        (1, "Bad magic number for central directory"),
+    ],
+)
+def test_cd_and_eocd_mismatch_size(cd_size_diff, error):
+    data_lf = (
+        zipfiles.RECORD_SIG_LOCAL_FILE
+        + struct.pack("<xxHHHxxxxxxLxxxxHH", 0, 0, 20, 0, 1, 0)
+        + b"a"
+    )
+    data_cd = (
+        zipfiles.RECORD_SIG_CENTRAL_DIRECTORY
+        + struct.pack("<HHxxxxxxxxxxxxLxxxxHHHxxxxxxxxL", 20, 20, 0, 1, 0, 0, 0)
+        + b"a"
+    )
+    cd_records = 1
+    cd_offset = len(data_lf)
+    cd_size = len(data_cd) + cd_size_diff
+    data_eocd = zipfiles.RECORD_SIG_EOCD + struct.pack(
+        "<xxxxHHLLH", cd_records, cd_records, cd_size, cd_offset, 0
+    )
+    data = data_lf + data_cd + data_eocd
+    with tempfile.NamedTemporaryFile(mode="wb") as tmp:
+        tmp.write(data)
+        tmp.flush()
+        assert (False, error) == zipfiles.validate_zipfile(tmp.name)
diff --git a/warehouse/utils/zipfiles.py b/warehouse/utils/zipfiles.py
index 3774f9db37d9..8a7f51fdf026 100644
--- a/warehouse/utils/zipfiles.py
+++ b/warehouse/utils/zipfiles.py
@@ -121,7 +121,7 @@ def _handle_local_file_header(
             try:
                 unicode_name.decode("utf-8")
             except UnicodeError:
-                raise InvalidZipFileError("Filename not unicode")
+                raise InvalidZipFileError("Filename not valid UTF-8")
 
         extra = extra[extra_data_size + 4 :]
 
@@ -233,7 +233,7 @@ def validate_zipfile(zip_filepath: str) -> tuple[bool, str | None]:
     try:
         zfp = zipfile.ZipFile(zip_filepath, mode="r")
         # Store compression sizes from the CD for use later.
-        zipfile_files = {zfi.filename: zfi.compress_size for zfi in zfp.filelist}
+        zipfile_files = {zfi.orig_filename: zfi.compress_size for zfi in zfp.filelist}
     except zipfile.BadZipfile as e:
         return False, e.args[0]
 
@@ -330,11 +330,17 @@ def validate_zipfile(zip_filepath: str) -> tuple[bool, str | None]:
                         eocd_cd_records, eocd_cd_size, eocd_cd_offset = _handle_eocd(fp)
 
                     if eocd_cd_records != cd_records:
-                        raise InvalidZipFileError("Malformed zip file")
+                        raise InvalidZipFileError(
+                            "Mismatched central directory records"
+                        )
                     if cd_offset is None or eocd_cd_offset != cd_offset:
-                        raise InvalidZipFileError("Malformed zip file")
-                    if cd_size is None or eocd_cd_size != cd_size:
-                        raise InvalidZipFileError("Malformed zip file")
+                        raise InvalidZipFileError("Mismatched central directory offset")
+                    # This branch is tough to cover, as CPython's ZIP archive
+                    # implementation already doesn't like mismatches between size
+                    # and offset of the CD.
+                    if cd_size is None or eocd_cd_size != cd_size:  # pragma: no cover
+                        raise InvalidZipFileError("Mismatched central directory size")
+
                     break  # This always means the end of a ZIP.
 
                 # End of Central Directory (ZIP64)

From 51d815d2a7a35d5d5c943bbd04d5f98b736b9a5c Mon Sep 17 00:00:00 2001
From: Seth Michael Larson <seth@python.org>
Date: Fri, 17 Oct 2025 09:59:11 -0500
Subject: [PATCH 3/3] Add unexpected error to assert message

---
 tests/unit/utils/test_zipfiles.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/unit/utils/test_zipfiles.py b/tests/unit/utils/test_zipfiles.py
index 4540e4d6a5dd..04f6370a402d 100644
--- a/tests/unit/utils/test_zipfiles.py
+++ b/tests/unit/utils/test_zipfiles.py
@@ -82,8 +82,8 @@ def test_bad_zips(filename, error):
 @pytest.mark.parametrize("filename", list(os.listdir(ZIPDATA_DIR / "accept")))
 def test_good_zips(filename):
     result = zipfiles.validate_zipfile(zippath(f"accept/{filename}"))
+    assert result[0] is True, f"Expected no error, got {result[1]!r}"
     assert result[1] is None
-    assert result[0] is True
 
 
 def test_local_file_header():