| author | Jason Smalls | 2023-07-11 21:31:53 +0200 |
|---|---|---|
| committer | jvoisin | 2023-07-11 21:31:53 +0200 |
| commit | 1bcb945360e757e5fa881dc274d9dae8dd825afb (patch) | |
| tree | 0f89809b1a4098574b9a598d998da041186f06a9 | |
| parent | 9159fe8705daa36ea1da7ee328beafaa1ad4674f (diff) | |
Harden get_meta in archive.py against variants of CVE-2022-35410
| -rw-r--r-- | libmat2/archive.py | 8 |
1 files changed, 7 insertions, 1 deletions
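--- a/libmat2/archive.py
+++ b/libmat2/archive.py
@@ -146,8 +146,14 @@ class ArchiveBasedAbstractParser(abstract.AbstractParser):
                 if self._is_dir(item):  # pragma: no cover
                     continue  # don't keep empty folders
 
-                zin.extract(member=item, path=temp_folder)
                 full_path = os.path.join(temp_folder, member_name)
+                if not os.path.abspath(full_path).startswith(temp_folder):
+                    logging.error("%s contains a file (%s) pointing outside (%s) of its root.",
+                                  self.filename, member_name, full_path)
+                    break
+
+                zin.extract(member=item, path=temp_folder)
+
                 os.chmod(full_path, stat.S_IRUSR)
 
                 specific_meta = self._specific_get_meta(full_path, member_name)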
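Review bot: The new containment check `os.path.abspath(full_path).startswith(temp_folder)` is a bare string-prefix test, so a member that resolves (via `..`) to a sibling directory whose name merely begins with the temp folder's name, e.g. `<temp_folder>-x/file`, still passes it, and `abspath` does not resolve symlinks, so a symlink member extracted earlier in the loop can redirect a later `zin.extract` outside the root while the path still looks contained. Anchoring the prefix on a path separator and resolving both sides closes both gaps: `root = os.path.join(os.path.realpath(temp_folder), "")` before the loop and `if not os.path.realpath(full_path).startswith(root):` here. Whether a symlink member can be extracted at all depends on `archive_class` and on code outside this hunk, so the symlink case is worth confirming against the tar path specifically. The enclosing `get_meta` starts and ends outside the hunk, so the effect of `break` on the partially collected metadata and the temp folder cleanup cannot be judged from here.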
