bughz/TrollStore
1
0
Fork 0
mirror of https://github.com/opa334/TrollStore.git synced 2026-01-11 15:42:24 +08:00
Code Issues Projects Releases Wiki Activity

fix: zip slip path traversal

Browse Source
This commit is contained in:
Jacob Prezant 2026-01-02 15:42:07 -05:00
parent d11c04666a
commit 72e6d652fc
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
RootHelper/unarchive.m
View File

@ -58,6 +58,12 @@ int extract(NSString* fileToExtract, NSString* extractionPath)
return 1; return 1;
NSString* currentFile = [NSString stringWithUTF8String:archive_entry_pathname(entry)]; NSString* currentFile = [NSString stringWithUTF8String:archive_entry_pathname(entry)];
if (currentFile.length == 0) {
continue;
}
if ([currentFile hasPrefix:@"/"] || [currentFile containsString:@".."]) {
return 1;
}
NSString* fullOutputPath = [extractionPath stringByAppendingPathComponent:currentFile]; NSString* fullOutputPath = [extractionPath stringByAppendingPathComponent:currentFile];
//printf("extracting %@ to %@\n", currentFile, fullOutputPath); //printf("extracting %@ to %@\n", currentFile, fullOutputPath);
archive_entry_set_pathname(entry, fullOutputPath.fileSystemRepresentation); archive_entry_set_pathname(entry, fullOutputPath.fileSystemRepresentation);