From 72e6d652fc77303bf01d262ffd6a26805171df54 Mon Sep 17 00:00:00 2001
From: Jacob Prezant <179630496+jacobprezant@users.noreply.github.com>
Date: Fri, 2 Jan 2026 15:42:07 -0500
Subject: [PATCH] fix: zip slip path traversal

---
 RootHelper/unarchive.m | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/RootHelper/unarchive.m b/RootHelper/unarchive.m
index f62e09f..8e197aa 100644
--- a/RootHelper/unarchive.m
+++ b/RootHelper/unarchive.m
@@ -58,6 +58,12 @@ int extract(NSString* fileToExtract, NSString* extractionPath)
             return 1;
         
         NSString* currentFile = [NSString stringWithUTF8String:archive_entry_pathname(entry)];
+        if (currentFile.length == 0) {
+            continue;
+        }
+        if ([currentFile hasPrefix:@"/"] || [currentFile containsString:@".."]) {
+            return 1;
+        }
         NSString* fullOutputPath = [extractionPath stringByAppendingPathComponent:currentFile];
         //printf("extracting %@ to %@\n", currentFile, fullOutputPath);
         archive_entry_set_pathname(entry, fullOutputPath.fileSystemRepresentation);