Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[filesystem] ZipManager: skip path traversal #12023

Merged
merged 1 commit into from May 10, 2017
Merged

[filesystem] ZipManager: skip path traversal #12023

merged 1 commit into from May 10, 2017

Conversation

Rechi
Copy link
Member

@Rechi Rechi commented Apr 28, 2017

Description

Skip items in a zip file, which try to traverse to a parent directory.

Motivation and Context

Without this a zip file can override every file the current user has write permission.

How Has This Been Tested?

Tested with a malicious zip file.

Types of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • My code follows the Code guidelines of this project
  • My change requires a change to the documentation, either Doxygen or wiki
  • I have updated the documentation accordingly
  • I have read the CONTRIBUTING document
  • I have added tests to cover my change
  • All new and existing tests passed

@ace20022 @MartijnKaijser @wsnipex FYI

@Rechi Rechi added Backport: Needed Type: Fix non-breaking change which fixes an issue v18 Leia labels Apr 28, 2017
@Rechi Rechi added this to the L 18.0-alpha1 milestone Apr 28, 2017
@wsnipex
Copy link
Member

wsnipex commented Apr 28, 2017

thanks! jenkins build this please

@Rechi Rechi mentioned this pull request Apr 28, 2017
Merged
9 tasks
@tamland
Copy link
Member

tamland commented Apr 28, 2017

Please add some tests that verifies this.

@Rechi
Copy link
Member Author

Rechi commented Apr 28, 2017

@tamland should I add tests which only check the regex or also check with a real zip file?

@tamland
Copy link
Member

tamland commented Apr 28, 2017
edited

I think just the regex/file filtering should be good enough.
Not sure how smart it would be to unpack a real malicious zip to a real directory..:)

@Rechi
Copy link
Member Author

Rechi commented Apr 28, 2017

added some testcases
Still not sure if I create a new testcase file is valid.

Paxxi
Paxxi reviewed May 7, 2017
View reviewed changes
xbmc/filesystem/ZipManager.h Outdated
#include <string>
#include <vector>
#include <map>

class CURL;

static const std::regex PATH_TRAVERASL("(^|\\/|\\\\)\\.{2}($|\\/|\\\\)");

This comment was marked as spam.

Sign in to view

@Rechi
Copy link
Member Author

Rechi commented May 7, 2017

@Paxxi updated

Paxxi
Paxxi reviewed May 7, 2017
View reviewed changes
Copy link
Member

@Paxxi Paxxi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me

@Rechi
Copy link
Member Author

Rechi commented May 9, 2017

@tamland @wsnipex please have a look again as I've done a few changes

@wsnipex
Copy link
Member

wsnipex commented May 10, 2017

looks good

@Rechi
Copy link
Member Author

Rechi commented May 10, 2017

jenkins build this please

@Rechi Rechi merged commit fba3536 into xbmc:master May 10, 2017
@Rechi Rechi deleted the zipTraversal branch May 10, 2017 08:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Paxxi Paxxi Paxxi left review comments

@tamland tamland tamland approved these changes

Assignees
No one assigned
Labels
Backport: Done Type: Fix non-breaking change which fixes an issue v18 Leia
Projects
None yet
Milestone
Leia 18.0-alpha1
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@Rechi @wsnipex @tamland @Paxxi