vIDM Patch Extraction Fails with "missing bytes in zipfile" and "not enough memory for bomb detection"

Article ID: 437064

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

  • Running the unzip utility against a patch archive (e.g., CSP-102547-Appliance-3.3.7-Patch.zip) on the vIDM appliance shell fails.
  • The console outputs the following sequence of errors:
      error [CSP-102547-Appliance-3.3.7-Patch.zip]:  missing 32654 bytes in zipfile
      (attempting to process anyway)
      error: not enough memory for bomb detection
  • The appliance has sufficient disk space and RAM, which contradicts the memory error.
  • The identical archive extracts successfully on a local Windows workstation.

Environment

  • VMware Identity Manager (vIDM) 3.3.x

Cause

  • The .zip payload is physically truncated or corrupted on the vIDM appliance filesystem. This happens in transit when an SCP/SFTP client (such as WinSCP or FileZilla) is configured to use "ASCII" or "Text" transfer mode rather than "Binary" mode. Text mode alters line endings, which corrupts the byte structure of compressed archives.
    When the OS-level unzip utility processes this truncated archive, the missing bytes misalign the directory offsets. The utility misinterprets the resulting data structure as a massive, overlapped archive (a "zip bomb"). This triggers a secondary security exception (not enough memory for bomb detection) implemented at the OS level to mitigate CVE-2019-13232.

Resolution

To resolve this issue, re-transfer the payload in strict binary mode.

1. Access the vIDM appliance via SSH as the root user.

2. Purge the corrupted archive from the target directory:

Bash
rm -f /db/vidm-upgrade/<Patch-Archive-Name>.zip

3. Access the SCP/SFTP client utilized for the transfer.

4. Navigate to the client's transfer settings and explicitly force the transfer mode to Binary (disable "ASCII", "Text", or "Auto" modes).

5. Re-initiate the file transfer of the .zip archive from the local workstation to the vIDM appliance.

6. Validate that the byte size of the payload on the appliance exactly matches the size of the source file on the workstation.

7. Re-execute the standard unzip and patching procedures.
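
The size check in step 6 and the offset misalignment described under Cause can be reproduced offline. The following is an added example, not part of the original article or any VMware tooling. It assumes Python 3 is available, uses a small constructed archive, and models the text-mode transfer as CRLF being rewritten to LF; all function names are hypothetical.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"  # end-of-central-directory (EOCD) signature


def missing_bytes(data: bytes) -> int:
    """Bytes missing ahead of the EOCD record (0 means the offsets line up).

    The EOCD stores the central directory's size and start offset; their sum
    is where the EOCD itself should sit in an intact, single-part archive.
    """
    pos = data.rfind(EOCD_SIG)
    if pos < 0 or len(data) - pos < 22:
        raise ValueError("no end-of-central-directory record found")
    cd_size, cd_offset = struct.unpack_from("<II", data, pos + 12)
    return (cd_offset + cd_size) - pos


def check_transfer(source: bytes, received: bytes) -> dict:
    """Compare the received copy with the source, as in step 6."""
    return {
        "size_matches": len(source) == len(received),
        "size_delta": len(source) - len(received),
        "missing_bytes": missing_bytes(received),
    }


def build_sample_zip() -> bytes:
    """Constructed sample: one stored member whose data is full of CRLF pairs."""
    info = zipfile.ZipInfo("payload.bin", date_time=(2024, 1, 1, 0, 0, 0))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(info, b"line\r\n" * 100)
    return buf.getvalue()


def ascii_mode_upload(data: bytes) -> bytes:
    """Assumed model of a text-mode transfer to Linux: CRLF becomes LF."""
    return data.replace(b"\r\n", b"\n")


if __name__ == "__main__":
    original = build_sample_zip()
    print("binary:", check_transfer(original, original))
    print("ascii: ", check_transfer(original, ascii_mode_upload(original)))
```

A non-zero missing_bytes value on the appliance copy indicates the archive must be re-transferred, not that the appliance lacks memory.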