Burn payloads can have Names that allow escaping cache folder #5265

Closed
barnson opened this Issue Apr 15, 2016 · 2 comments

Comments

Projects
None yet
3 participants
@barnson
Member

barnson commented Apr 15, 2016

Please provide answers to the following questions to help us narrow down, reproduce, and fix the problem. Fill out one section and delete the others.

Bugs

If this issue is a bug:

  • Which version of WiX are you building with?

3.10.2.2516

  • Describe the problem and the steps to reproduce it.

Authoring like

<MsiPackage SourceFile="$(var.Msi.TargetPath)" Name="..\myveryspecialmsi.msi">

is legal. But it "moves" the payload out of the intended cache directory.

  • Describe the behavior you expected and how it differed from the actual behavior.

Backslashes should be allowed to support subdirectories of the cache directory but .. should be a compile-time error.

@barnson barnson added this to the v3.11 milestone Apr 19, 2016

@barnson barnson added bug burn labels Apr 19, 2016

@barnson

This comment has been minimized.

Show comment
Hide comment
@barnson

barnson Jan 31, 2017

Member

Warning in v3. Already an error in v4(?).

Member

barnson commented Jan 31, 2017

Warning in v3. Already an error in v4(?).

@rseanhall

This comment has been minimized.

Show comment
Hide comment

robmen added a commit to robmen/wix3 that referenced this issue Feb 18, 2017

robmen added a commit to robmen/wix3 that referenced this issue Feb 18, 2017

@robmen robmen referenced this issue in wixtoolset/wix3 Feb 18, 2017

Closed

Fix 5265 and 5307 #411

robmen added a commit to robmen/wix4 that referenced this issue Feb 26, 2017

rseanhall added a commit to wixtoolset/wix3 that referenced this issue Feb 26, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment