diff options
| author | jvoisin | 2022-07-05 16:27:07 +0200 |
|---|---|---|
| committer | jvoisin | 2022-07-05 16:27:07 +0200 |
| commit | beebca4bf1cd3b935824c966ce077e7bcf610385 (patch) | |
| tree | 29ab9ceb14de29d1f44128f6495cbf52f572477e | |
| parent | e2c4dbf721aca11e8010063ef69dd1e35fd9945a (diff) | |
Prevent arbitrary file read via zip archives
A zip file with a file pointing to /etc/passwd would, upon being cleaned by
mat2, produce a file with the filesystem's /etc/passwd file.
| -rw-r--r-- | libmat2/archive.py | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/libmat2/archive.py b/libmat2/archive.py index f90385b..39fb23e 100644 --- a/libmat2/archive.py +++ b/libmat2/archive.py | |||
| @@ -190,8 +190,14 @@ class ArchiveBasedAbstractParser(abstract.AbstractParser): | |||
| 190 | if member_name[-1] == '/': # `is_dir` is added in Python3.6 | 190 | if member_name[-1] == '/': # `is_dir` is added in Python3.6 |
| 191 | continue # don't keep empty folders | 191 | continue # don't keep empty folders |
| 192 | 192 | ||
| 193 | zin.extract(member=item, path=temp_folder) | ||
| 194 | full_path = os.path.join(temp_folder, member_name) | 193 | full_path = os.path.join(temp_folder, member_name) |
| 194 | if not os.path.abspath(full_path).startswith(temp_folder): | ||
| 195 | logging.error("%s contains a file (%s) pointing outside (%s) of its root.", | ||
| 196 | self.filename, member_name, full_path) | ||
| 197 | abort = True | ||
| 198 | break | ||
| 199 | |||
| 200 | zin.extract(member=item, path=temp_folder) | ||
| 195 | 201 | ||
| 196 | try: | 202 | try: |
| 197 | original_permissions = os.stat(full_path).st_mode | 203 | original_permissions = os.stat(full_path).st_mode |