From 72e6d652fc77303bf01d262ffd6a26805171df54 Mon Sep 17 00:00:00 2001
From: Jacob Prezant <179630496+jacobprezant@users.noreply.github.com>
Date: Fri, 2 Jan 2026 15:42:07 -0500
Subject: [PATCH 1/2] fix: zip slip path traversal
---
 RootHelper/unarchive.m | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/RootHelper/unarchive.m b/RootHelper/unarchive.m
index f62e09f..8e197aa 100644
--- a/RootHelper/unarchive.m
+++ b/RootHelper/unarchive.m
@@ -58,6 +58,12 @@ int extract(NSString* fileToExtract, NSString* extractionPath)
 return 1;
 NSString* currentFile = [NSString stringWithUTF8String:archive_entry_pathname(entry)];
+ if (currentFile.length == 0) {
+ continue;
+ }
+ if ([currentFile hasPrefix:@"/"] || [currentFile containsString:@".."]) {
+ return 1;
+ }
 NSString* fullOutputPath = [extractionPath stringByAppendingPathComponent:currentFile];
 //printf("extracting %@ to %@\n", currentFile, fullOutputPath);
 archive_entry_set_pathname(entry, fullOutputPath.fileSystemRepresentation);
From 3caf9addd29f0cc4cd15086cc7f288fa80522e2a Mon Sep 17 00:00:00 2001
From: Jacob Prezant <179630496+jacobprezant@users.noreply.github.com>
Date: Fri, 2 Jan 2026 15:54:37 -0500
Subject: [PATCH 2/2] fix: app path validation logic in uninstallAppByPath
---
 RootHelper/main.m | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/RootHelper/main.m b/RootHelper/main.m
index 9160b78..44e65a6 100644
--- a/RootHelper/main.m
+++ b/RootHelper/main.m
@@ -1169,7 +1169,7 @@ int uninstallAppByPath(NSString* appPath, BOOL useCustomMethod)
 NSString* standardizedAppPath = appPath.stringByStandardizingPath;
- if(![standardizedAppPath hasPrefix:@"/var/containers/Bundle/Application/"] && standardizedAppPath.pathComponents.count == 5)
+ if(![standardizedAppPath hasPrefix:@"/var/containers/Bundle/Application/"] || standardizedAppPath.pathComponents.count < 5)
 {
 return 1;
 }
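Review bot: The added checks on `currentFile` validate only the entry's own pathname, so a link entry whose target lies outside `extractionPath` still passes both tests. The values returned by `archive_entry_symlink(entry)` and `archive_entry_hardlink(entry)` should get the same absolute-path and parent-component rule before the entry is written; whether that happens elsewhere in `extract` cannot be seen, since its body starts and ends outside the hunk. Separately, `containsString:@".."` is a substring match and aborts the whole extraction on a harmless name such as `a..b`; `[currentFile.pathComponents containsObject:@".."]` tests the component itself. A one-line comment stating why an empty name is skipped with `continue` while a suspicious one ends the extraction with `return 1` would also help.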
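Review bot: The new bound `standardizedAppPath.pathComponents.count < 5` can never be true once the `hasPrefix:` test passes, because the required prefix already contributes five components (`/`, `var`, `containers`, `Bundle`, `Application`); the guard therefore reduces to the prefix check alone. A path that names only a container directory under that prefix, with no bundle component, is still accepted. If callers are expected to pass `<container>/<Name>.app` (an assumption, since the rest of `uninstallAppByPath` is outside the hunk), an exact test such as `standardizedAppPath.pathComponents.count != 7` would pin the depth. A short comment above the `if` stating the expected path shape would make the intent checkable.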