security-and-privacy/mat2
security-and-privacy/mat2
1
0
Fork 0
mirror of synced 2024-11-22 09:14:23 +01:00
Code Releases Activity

Prevent arbitrary file read via zip archives

Browse Source 
A zip file with a file pointing to /etc/passwd would, upon being cleaned by
mat2, produce a file with the filesystem's /etc/passwd file.
This commit is contained in:
jvoisin 2022-07-05 16:27:07 +02:00
parent e2c4dbf721
commit beebca4bf1
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
libmat2/archive.py
View File

@ -190,8 +190,14 @@ class ArchiveBasedAbstractParser(abstract.AbstractParser):
if member_name[-1] == '/': # `is_dir` is added in Python3.6 if member_name[-1] == '/': # `is_dir` is added in Python3.6
continue # don't keep empty folders continue # don't keep empty folders
zin.extract(member=item, path=temp_folder)
full_path = os.path.join(temp_folder, member_name) full_path = os.path.join(temp_folder, member_name)
if not os.path.abspath(full_path).startswith(temp_folder):
logging.error("%s contains a file (%s) pointing outside (%s) of its root.",
self.filename, member_name, full_path)
abort = True
break
zin.extract(member=item, path=temp_folder)
try: try:
original_permissions = os.stat(full_path).st_mode original_permissions = os.stat(full_path).st_mode