Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

DTF vulnerable to "Zip Slip" #6075

Closed
firegiantco opened this issue Sep 12, 2019 · 1 comment · Fixed by wixtoolset/wix3#497 or wixtoolset/wix3#498
Closed

DTF vulnerable to "Zip Slip" #6075

firegiantco opened this issue Sep 12, 2019 · 1 comment · Fixed by wixtoolset/wix3#497 or wixtoolset/wix3#498
Assignees
Milestone

Comments

@firegiantco
Copy link

@firegiantco firegiantco commented Sep 12, 2019

Please provide answers to the following questions to help us narrow down, reproduce, and fix the problem. Fill out one section and delete the others.

  • Which version of WiX are you building with?

WiX v3.11.1

  • Which version of Visual Studio are you building with (if any)?

N/A

  • Which version of the WiX Toolset Visual Studio Extension are you building with (if any)?

N/A

  • Which version of .NET are you building with?

Any

  • If the problem occurs when installing your packages built with WiX, what is the version of Windows the package is running on?

N/A

  • Describe the problem and the steps to reproduce it.

A maliciously crafted cabinet or zip file can be created with traversal paths in the archived file names. For example, ..\..\hackedu.dll. DTF's ArchiveFileStreamContext will concatenate the archived file path with a provided base directory, such that the traversal path can place the file outside the provided base directory and possibly overwriting the user's files. This is known as Zip Slip.

  • Describe the behavior you expected and how it differed from the actual behavior.

DTF should not write files outside the extraction folder.

This issue was originally reported by Devin Casadey.

@firegiantco
Copy link
Author

@firegiantco firegiantco commented Sep 12, 2019

WIP

@barnson barnson added this to the v3.x milestone Sep 12, 2019
@robmen robmen closed this in #497 Sep 15, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants