fix: prevent extracting archived files outside of target path
Showing
with
11 additions
and
0 deletions.
-
+11
−0
adm-zip.js
|
|
@@ -354,6 +354,9 @@ module.exports = function(/*String*/input) { |
|
|
|
|
|
|
|
|
var target = pth.resolve(targetPath, maintainEntryPath ? entryName : pth.basename(entryName));
|
|
|
if(!target.startsWith(targetPath)) {
|
|
|
throw Utils.Errors.INVALID_FILENAME + ": " + entryName;
|
|
|
}
|
|
|
|
|
|
if (item.isDirectory) {
|
|
|
target = pth.resolve(target, "..");
|
|
|
@@ -429,6 +432,10 @@ module.exports = function(/*String*/input) { |
|
|
_zip.entries.forEach(function(entry) {
|
|
|
entryName = entry.entryName.toString();
|
|
|
|
|
|
if(!pth.resolve(targetPath, entryName).startsWith(targetPath)) {
|
|
|
throw Utils.Errors.INVALID_FILENAME + ": " + entryName;
|
|
|
}
|
|
|
|
|
|
if(isWin){
|
|
|
entryName = escapeFileName(entryName)
|
|
|
}
|
|
|
@@ -471,6 +478,10 @@ module.exports = function(/*String*/input) { |
|
|
entryName = escapeFileName(entryName)
|
|
|
}
|
|
|
|
|
|
if(!pth.resolve(targetPath, entryName).startsWith(targetPath)) {
|
|
|
throw Utils.Errors.INVALID_FILENAME + ": " + entryName;
|
|
|
}
|
|
|
|
|
|
if (entry.isDirectory) {
|
|
|
Utils.makeDir(pth.resolve(targetPath, entryName));
|
|
|
if(--i == 0)
|
|
|
|
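Review bot: The containment check `target.startsWith(targetPath)` in the first hunk (repeated as `pth.resolve(targetPath, entryName).startsWith(targetPath)` in the other two) is a raw string-prefix test against an unresolved `targetPath`, so it is both too loose and too strict. A resolved entry path in a sibling directory whose name merely begins with the target's name (`<target>-other`) still passes, and a relative or un-normalized `targetPath` never prefixes the absolute result of `pth.resolve`, so every entry would be rejected. Resolve the root once and compare against the root plus `pth.sep`, ideally in one helper shared by all three sites, as sketched below. The second hunk validates the name before `escapeFileName` and the third validates it after, so the check should consistently run on the exact string that is later resolved for writing. The enclosing functions begin and end outside the hunks shown, so how the thrown string surfaces in the asynchronous path cannot be confirmed from here.

```javascript
// Resolve entryName under targetPath; reject anything that lands outside it.
function resolveInside(targetPath, entryName) {
    var root = pth.resolve(targetPath);
    // Compare against the root plus a separator so "<root>-other" is not accepted.
    var prefix = root.endsWith(pth.sep) ? root : root + pth.sep;
    var target = pth.resolve(root, entryName);
    if (target !== root && !target.startsWith(prefix)) {
        throw Utils.Errors.INVALID_FILENAME + ": " + entryName;
    }
    return target;
}

// … unchanged: surrounding extraction logic; each of the three sites becomes …
var target = resolveInside(targetPath, maintainEntryPath ? entryName : pth.basename(entryName));
```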
0 comments on commit
6f4dfeb