fix directory traversal issues in miniunzip
bug-debian: https://bugs.debian.org/774321 bug-debian: https://bugs.debian.org/776831 Gbp-Pq: Name traversal.patch
parent
cb8c4f3a8e
commit
bb6b6080f5
14
miniunz.c
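--- a/miniunz.c
+++ b/miniunz.c
@@ -355,6 +355,20 @@ int do_extract_currentfile(uf,popt_extract_without_path,popt_overwrite,password)
 else
 write_filename = filename_withoutpath;
 
+if (write_filename[0]!='\0')
+{
+const char* relative_check = write_filename;
+while (relative_check[1]!='\0')
+{
+if (relative_check[0]=='.' && relative_check[1]=='.')
+write_filename = relative_check;
+relative_check++;
+}
+}
+
+while (write_filename[0]=='/' || write_filename[0]=='.')
+write_filename++;
+
 err = unzOpenCurrentFilePassword(uf,password);
 if (err!=UNZ_OK)
 {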
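Review bot: The `..` test in the added loop matches any two consecutive dots rather than a `..` path component, so an entry named `foo..bar/x` is silently written as `bar/x`, and the strip loop after it also turns `.profile` into `profile`, which lets two different archive entries land on one output path. Match whole components, e.g. `if (relative_check[0]=='.' && relative_check[1]=='.' && (relative_check[2]=='/' || relative_check[2]=='\0') && (relative_check==write_filename || relative_check[-1]=='/'))`, and prefer skipping the entry with an error over rewriting its name. Only `/` is treated as a separator; if this file is also built for Windows, which the hunk does not show, `\` and drive prefixes need the same treatment. An entry named `..` leaves `write_filename` empty, so the code after the hunk should be checked for that case; `do_extract_currentfile` starts and ends outside the hunk.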