OpenCloudOS Stream/zlib

14a5f8f266c16c87ab6c086fc52b770b27701e01.patch 2.11 KB
ocs-bot committed on 2025-01-13 15:07 . - [Type] security
From 14a5f8f266c16c87ab6c086fc52b770b27701e01 Mon Sep 17 00:00:00 2001
From: Matt Wilson <[email protected]>
Date: Wed, 17 Jan 2024 14:46:18 -0800
Subject: [PATCH] Neutralize zip file traversal attacks in miniunz.
Archive formats such as .zip files are generally susceptible to
so-called "traversal attacks". This allows an attacker to craft
an archive that writes to unexpected locations of the file system
(e.g., /etc/shadow) if an unsuspecting root user were to unpack a
malicious archive.
This patch neutralizes absolute paths such as /tmp/moo and deeply
relative paths such as dummy/../../../../../../../../../../tmp/moo.
The Debian project requested CVE-2014-9485 be allocated for the
first identified weakness. The fix was incomplete, resulting in a
revised patch applied here. Since there wasn't an updated version
released by Debian with the incomplete fix, I suggest we use this
CVE to identify both issues.
Link: https://security.snyk.io/research/zip-slip-vulnerability
Link: https://bugs.debian.org/774321
Link: https://bugs.debian.org/776831
Link: https://nvd.nist.gov/vuln/detail/CVE-2014-9485
Reported-by: Jakub Wilk <[email protected]>
Fixed-by: Michael Gilbert <[email protected]>
---
contrib/minizip/miniunz.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/contrib/minizip/miniunz.c b/contrib/minizip/miniunz.c
index 0c2fb0d82..d627c4226 100644
--- a/contrib/minizip/miniunz.c
+++ b/contrib/minizip/miniunz.c
@@ -356,6 +356,20 @@ static int do_extract_currentfile(unzFile uf, const int* popt_extract_without_pa
else
write_filename = filename_withoutpath;
+ if (write_filename[0]!='\0')
+ {
+ const char* relative_check = write_filename;
+ while (relative_check[1]!='\0')
+ {
+ if (relative_check[0]=='.' && relative_check[1]=='.')
+ write_filename = relative_check;
+ relative_check++;
+ }
+ }
+
+ while (write_filename[0]=='/' || write_filename[0]=='.')
+ write_filename++;
+
err = unzOpenCurrentFilePassword(uf,password);
if (err!=UNZ_OK)
{
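Review bot: the scan in the first added block treats any two adjacent dots as a parent reference rather than a `..` path component, so `write_filename = relative_check;` fires on names like `dir/..hidden` (truncated to `hidden` after the leading-dot loop) and the second loop `while (write_filename[0]=='/' || write_filename[0]=='.')` strips the leading dot from ordinary dotfiles such as `.bashrc`. Suggest matching `..` only when it is bounded by the start of the string or a `/` on the left and a `/` or end of string on the right, and treating `\` as a separator too, since minizip names on Windows may carry backslashes and a leading drive prefix (`C:\...`) that this code leaves intact. The rewrite can also leave `write_filename` empty (an entry named `..` becomes `""` after both loops), so the extraction path that follows should check for an empty name; logging the original entry name when it is rewritten or skipped would make traversal attempts visible to the user instead of silently relocating the file.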