| -rw-r--r-- | libmat2/archive.py | 16 |
1 files changed, 13 insertions, 3 deletions
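--- a/libmat2/archive.py
+++ b/libmat2/archive.py
@@ -193,14 +193,24 @@ class ArchiveBasedAbstractParser(abstract.AbstractParser):
 zin.extract(member=item, path=temp_folder)
 full_path = os.path.join(temp_folder, member_name)
 
-original_permissions = os.stat(full_path).st_mode
+try:
+original_permissions = os.stat(full_path).st_mode
+except FileNotFoundError:
+logging.error("Something went wrong during processing of "
+"%s in %s, likely a path traversal attack.",
+member_name, self.filename)
+abort = True
+# we're breaking instead of continuing, because this exception
+# is raised in case of weird path-traversal-like atttacks.
+break
+
 os.chmod(full_path, original_permissions | stat.S_IWUSR | stat.S_IRUSR)
 
 original_compression = self._get_member_compression(item)
 
 if self._specific_cleanup(full_path) is False:
-logging.warning("Something went wrong during deep cleaning of %s",
-member_name)
+logging.warning("Something went wrong during deep cleaning of %s in %s",
+member_name, self.filename)
 abort = True
 continue
 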
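Review bot: The new `try`/`except FileNotFoundError` around `os.stat(full_path)` flags a suspicious member only after `zin.extract(member=item, path=temp_folder)` has already written it, and only when the extracted file happens not to be at `full_path`. A member whose name resolves outside `temp_folder` but still exists at the joined path, or a symlink member with an existing target (both `os.stat` and `os.chmod` follow links), would presumably pass this check. The name should be validated before extraction, e.g. `if os.path.commonpath([os.path.realpath(temp_folder), os.path.realpath(os.path.join(temp_folder, member_name))]) != os.path.realpath(temp_folder):` followed by `abort = True` and `break`. The enclosing loop and the handling of `abort` lie outside the hunk, so whether files already extracted are cleaned up after the `break` cannot be confirmed from here. The comment above the `break` also has a typo (`atttacks`).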
