Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

InvalidNameException(Parent traversal in paths is not allowed) is thrown when trying to extract directory archive with RootPath #758

Closed
6opuc opened this issue Jun 21, 2022 · 2 comments
Closed

InvalidNameException(Parent traversal in paths is not allowed) is thrown when trying to extract directory archive with RootPath #758

6opuc opened this issue Jun 21, 2022 · 2 comments

Comments

@6opuc
Copy link

6opuc commented Jun 21, 2022
edited by piksel
Loading

Steps to reproduce

  1. Create archive from /some/directory using SharpZipLib: recursive, set RootPath to /some/directory
  2. Extact this archive using SharpZipLib

Expected behavior

Archive should be extracted

Actual behavior

InvalidNameException(Parent traversal in paths is not allowed)

Version of SharpZipLib

1.3.3

Obtained from (only keep the relevant lines)

  • Package installed using NuGet

Example

using System.Text;
using ICSharpCode.SharpZipLib.GZip;
using ICSharpCode.SharpZipLib.Tar;

var directory = $"/tmp/{Guid.NewGuid()}";
Directory.CreateDirectory(directory);
File.WriteAllText($"{directory}/1.txt", "1");

var archiveFilePath = $"/tmp/{Guid.NewGuid()}.tar.gz";

using (var archiveStream = new GZipOutputStream(File.Create(archiveFilePath)))
{
    using (TarArchive tarArchive = TarArchive.CreateOutputTarArchive(archiveStream, Encoding.UTF8))
    {
        tarArchive.RootPath = directory;
        // this is workaround for another issue: tarArchive.RootPath is ignored otherwise
        while (tarArchive.RootPath.StartsWith("/", StringComparison.Ordinal))
        {
            tarArchive.RootPath = tarArchive.RootPath.Substring(1);
        }
        var entry = TarEntry.CreateEntryFromFile(directory);
        // ExtractContents fails without this line of code below:  Parent traversal in paths is not allowed
        //entry.Name += "./";
        tarArchive.WriteEntry(entry, true);
    }
}

using (var archiveStream = File.OpenRead(archiveFilePath))
{
    using (var gzipStream = new GZipInputStream(archiveStream))
    {
        using (var tarArchive = TarArchive.CreateInputTarArchive(gzipStream, Encoding.UTF8))
        {
            tarArchive.ExtractContents($"/tmp/{Guid.NewGuid()}");
        }
    }
}

Console.WriteLine("Done");
@piksel
Copy link
Member

piksel commented Dec 17, 2022

If you want to allow path traversal, you need to explicitly allow it using ExtractContents(String, Boolean).

To log the actual internal file paths of the tar archive (on either extract and/or create), use:

tarArchive.ProgressMessageEvent += (archive, entry, message) => {
	Console.WriteLine($"{entry.Name}: {message}");
}

@piksel
Copy link
Member

piksel commented Dec 17, 2022

I think the core of this issue was what #582 fixed. The sample above works as expected in v1.4+:
https://dotnetfiddle.net/TDSoGn

@piksel piksel closed this as completed Dec 17, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@piksel @6opuc