Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prevent arbitrary file overwrite via path traversal [CVE-2019-10743] #169

Closed
wants to merge 2 commits into from
Closed

Prevent arbitrary file overwrite via path traversal [CVE-2019-10743] #169

wants to merge 2 commits into from

Commits on May 11, 2019

  1. Prevent arbitrary file overwrite via path traversal (Zip Slip attack)

    @giuliocomi
    giuliocomi committed May 11, 2019
    Configuration menu
    Copy the full SHA
    d818164 View commit details
    Browse the repository at this point in the history

Commits on May 15, 2019

  1. Added test cases for archive formats 

    the extraction process now continues with other files  by default even if there is a dot-dot filename, which is of course skipped.
The test evilarchives have been generated with following script:
https://github.com/giuliocomi/evilarchiver
Command:
$ mkdir safedir
$ touch security_test.txt safedir/safefile
$ python2 evilarchiver.py -e security_test.txt -n ../evilfile -s safedir/safefile
    @giuliocomi
    giuliocomi committed May 15, 2019
    Configuration menu
    Copy the full SHA
    164a5ae View commit details
    Browse the repository at this point in the history