New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[filesystem] ZipManager: skip path traversal #12024
Conversation
9c45d2b
to
35cfe35
Compare
|
updated to be equal with #12023 |
|
jenkins build this please |
2 similar comments
|
jenkins build this please |
|
jenkins build this please |
|
Hello, is this already available here? I see it is in the milestone and from https://kodi.tv/download seems that 17.2 has been released also there. I just wanted to double check. |
|
Ok I found the article here: https://kodi.tv/article/kodi-v172-minor-bug-fix-and-security-release |
|
Hi, I will make a presentation about Hacked in translation at one of my computer science courses. I would like also to reproduce the bug with a zip file. Could any of you guys can help me out with a malicious zip file? |
|
@razvansalajan sorry for being harsh on you, but you should be able to make one yourself. |
Description
Skip items in a zip file, which try to traverse to a parent directory.
Backport of #12023
Motivation and Context
Without this a zip file can override every file the current user has write permission.
How Has This Been Tested?
Tested with a malicious zip file.
Types of change
Checklist: