rpm/deepin-compressor
SHA256
1
0
Fork 0
forked from pool/deepin-compressor
Code Pull Requests Activity
Files
factory
deepin-compressor/fix-Zip-Path-Traversal.patch
Hillwood Yang 14cb8a5658 Accepting request 1135475 from home:hillwood:branches:X11:Deepin 
- Add fix-Zip-Path-Traversal.patch
  * Fix Zip Path Traversal (boo#1218428 and CVE-2023-50255)

OBS-URL: https://build.opensuse.org/request/show/1135475
OBS-URL: https://build.opensuse.org/package/show/X11:Deepin/deepin-compressor?expand=0&rev=17
2023-12-28 12:58:42 +00:00

16 lines
844 B
Diff
Raw Permalink Blame History

diff -Nur deepin-compressor-5.12.13/3rdparty/libzipplugin/libzipplugin.cpp deepin-compressor-5.12.13-new/3rdparty/libzipplugin/libzipplugin.cpp
--- deepin-compressor-5.12.13/3rdparty/libzipplugin/libzipplugin.cpp 2022-12-28 13:50:00.000000000 +0800
+++ deepin-compressor-5.12.13-new/3rdparty/libzipplugin/libzipplugin.cpp 2023-12-28 20:41:04.137085065 +0800
@@ -741,6 +741,11 @@
}
strFileName = m_common->trans2uft8(statBuffer.name, m_mapFileCode[index]); // 解压文件名(压缩包中)
+ //fix 232873
+ if(strFileName.indexOf("../") != -1) {
+ qInfo() << "skipped ../ path component(s) in " << strFileName;
+ strFileName = strFileName.replace("../", "");
+ }
QString strOriginName = strFileName;
// 针对文件夹名称过长的情况,直接提示解压失败,文件夹名称过长
View Git Blame Copy Permalink