
DTF vulnerable to "Zip Slip" #6075

Closed
firegiantco opened this issue Sep 12, 2019 · 1 comment · Fixed by wixtoolset/wix3#497 or wixtoolset/wix3#498

Comments

@firegiantco
Collaborator

commented Sep 12, 2019

Please provide answers to the following questions to help us narrow down, reproduce, and fix the problem. Fill out one section and delete the others.

  • Which version of WiX are you building with?

WiX v3.11.1

  • Which version of Visual Studio are you building with (if any)?

N/A

  • Which version of the WiX Toolset Visual Studio Extension are you building with (if any)?

N/A

  • Which version of .NET are you building with?

Any

  • If the problem occurs when installing your packages built with WiX, what is the version of Windows the package is running on?

N/A

  • Describe the problem and the steps to reproduce it.

A maliciously crafted cabinet or zip file can be created with traversal paths in the archived file names. For example, ..\..\hackedu.dll. DTF's ArchiveFileStreamContext will concatenate the archived file path with a provided base directory, such that the traversal path can place the file outside the provided base directory and possibly overwrite the user's files. This is known as Zip Slip.

  • Describe the behavior you expected and how it differed from the actual behavior.

DTF should not write files outside the extraction folder.

This issue was originally reported by Devin Casadey.
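As an added example (not DTF's or the WiX project's own code), this is the kind of containment check an extractor needs before joining an archived entry name with the base directory; `SafeExtractPath` and `Resolve` are assumed names, and the sample entry names are constructed.

```csharp
using System;
using System.IO;

// Added example, not DTF code: resolve an archived entry name against the
// extraction folder and reject anything that would land outside it.
public static class SafeExtractPath
{
    // Returns the full destination path for an archived entry, or throws
    // InvalidDataException if the entry escapes the extraction folder.
    public static string Resolve(string baseDirectory, string archivedName)
    {
        if (string.IsNullOrEmpty(archivedName))
            throw new ArgumentException("Archived file name is empty.", nameof(archivedName));

        // Normalize the base directory and force a trailing separator so
        // "C:\out" does not accidentally match "C:\outside\x.dll".
        string root = Path.GetFullPath(baseDirectory);
        if (!root.EndsWith(Path.DirectorySeparatorChar.ToString(), StringComparison.Ordinal))
            root += Path.DirectorySeparatorChar;

        // Rooted names (e.g. "C:\Windows\x.dll" or "\x.dll") are rejected
        // outright: Path.Combine would discard the base directory for them.
        if (Path.IsPathRooted(archivedName))
            throw new InvalidDataException("Archived file name is rooted: " + archivedName);

        // GetFullPath collapses "." and ".." segments; then verify containment.
        // Case-insensitive comparison matches Windows file system semantics.
        string candidate = Path.GetFullPath(Path.Combine(root, archivedName));
        if (!candidate.StartsWith(root, StringComparison.OrdinalIgnoreCase))
            throw new InvalidDataException("Archived file name escapes the extraction folder: " + archivedName);

        return candidate;
    }

    public static void Main()
    {
        string baseDir = Path.Combine(Path.GetTempPath(), "extract-demo");
        // Constructed sample entry names: one benign, two with traversal segments.
        foreach (string name in new[] { @"lib\good.dll", @"..\..\hackedu.dll", @"sub\..\..\evil.txt" })
        {
            try { Console.WriteLine("ok:       " + Resolve(baseDir, name)); }
            catch (InvalidDataException ex) { Console.WriteLine("rejected: " + ex.Message); }
        }
    }
}
```

Only the first entry resolves; the two traversal names are rejected before any file is written.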

@firegiantco

Collaborator Author

commented Sep 12, 2019

WIP

@barnson barnson added this to the v3.x milestone Sep 12, 2019
@barnson barnson added bug dtf labels Sep 12, 2019
barnson added a commit to wixtoolset/wix3 that referenced this issue Sep 16, 2019
robmen added a commit to wixtoolset/wix3 that referenced this issue Sep 16, 2019
robmen added a commit to wixtoolset/Dtf that referenced this issue Sep 26, 2019