Overview
Comment: | ofzip: Refactor safe path checking |
---|---|
Downloads: | Tarball | ZIP archive | SQL archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA3-256: |
f29afa4a27d50fbd4d4110de722d2877 |
User & Date: | js on 2018-05-21 12:10:12 |
Other Links: | manifest | tags |
Context
2018-05-21
| ||
15:54 | configure: Link tests with -lcomplex if available check-in: f59ef88b32 user: js tags: trunk | |
12:10 | ofzip: Refactor safe path checking check-in: f29afa4a27 user: js tags: trunk | |
10:53 | .travis.yml: Remove hack for amiga-gcc check-in: c93d2a5ec9 user: js tags: trunk | |
Changes
Modified utils/ofzip/OFZIP.h from [167084236d] to [922682e77a].
︙ | ︙ | |||
16 17 18 19 20 21 22 23 24 25 26 27 28 29 | */ #import "OFObject.h" #import "OFString.h" #import "Archive.h" #ifndef S_IRWXG # define S_IRWXG 0 #endif #ifndef S_IRWXO # define S_IRWXO 0 #endif | > > | 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 | */ #import "OFObject.h" #import "OFString.h" #import "Archive.h" OF_ASSUME_NONNULL_BEGIN #ifndef S_IRWXG # define S_IRWXG 0 #endif #ifndef S_IRWXO # define S_IRWXO 0 #endif |
︙ | ︙ | |||
40 41 42 43 44 45 46 47 | type: (OFString *)type mode: (char)mode; - (bool)shouldExtractFile: (OFString *)fileName outFileName: (OFString *)outFileName; - (ssize_t)copyBlockFromStream: (OFStream *)input toStream: (OFStream *)output fileName: (OFString *)fileName; @end | > > > | 42 43 44 45 46 47 48 49 50 51 52 | type: (OFString *)type mode: (char)mode; - (bool)shouldExtractFile: (OFString *)fileName outFileName: (OFString *)outFileName; - (ssize_t)copyBlockFromStream: (OFStream *)input toStream: (OFStream *)output fileName: (OFString *)fileName; - (nullable OFString *)safeLocalPathForPath: (OFString *)path; @end OF_ASSUME_NONNULL_END |
Modified utils/ofzip/OFZIP.m from [288d6fb85f] to [3932bfb77d].
︙ | ︙ | |||
573 574 575 576 577 578 579 580 | @"file", fileName, @"error", error)]; return -1; } return length; } @end | > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 | @"file", fileName, @"error", error)]; return -1; } return length; } - (OFString *)safeLocalPathForPath: (OFString *)path { void *pool = objc_autoreleasePoolPush(); path = [path stringByStandardizingPath]; #if defined(OF_WINDOWS) || defined(OF_MSDOS) if ([path containsString: @":"] || [path hasPrefix: @"\\"]) { #elif defined(OF_AMIGAOS) if ([path containsString: @":"] || [path hasPrefix: @"/"]) { #else if ([path hasPrefix: @"/"]) { #endif objc_autoreleasePoolPop(pool); return nil; } if ([path length] == 0) { objc_autoreleasePoolPop(pool); return nil; } /* * After -[stringByStandardizingPath], everything representing parent * directory should be at the beginning, so in theory checking the * first component should be enough. But it does not hurt being * paranoid and checking all components, just in case. */ for (OFString *component in [path pathComponents]) { #ifdef OF_AMIGAOS if ([component length] == 0 || [component isEqual: @"/"]) { #else if ([component length] == 0 || [component isEqual: @".."]) { #endif objc_autoreleasePoolPop(pool); return nil; } } [path retain]; objc_autoreleasePoolPop(pool); return [path autorelease]; } @end |
Modified utils/ofzip/TarArchive.m from [3aacd208ea] to [154c675e84].
︙ | ︙ | |||
251 252 253 254 255 256 257 | [OFMutableSet setWithArray: files]; OFTarArchiveEntry *entry; while ((entry = [_archive nextEntry]) != nil) { void *pool = objc_autoreleasePoolPush(); OFString *fileName = [entry fileName]; of_tar_archive_entry_type_t type = [entry type]; | | < < < | < | < < < < < < < < < < < < < < < < < | 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 | [OFMutableSet setWithArray: files]; OFTarArchiveEntry *entry; while ((entry = [_archive nextEntry]) != nil) { void *pool = objc_autoreleasePoolPush(); OFString *fileName = [entry fileName]; of_tar_archive_entry_type_t type = [entry type]; OFString *outFileName, *directory; OFFile *output; OFStream *stream; uint64_t written = 0, size = [entry size]; int8_t percent = -1, newPercent; if (!all && ![files containsObject: fileName]) continue; if (type != OF_TAR_ARCHIVE_ENTRY_TYPE_FILE && type != OF_TAR_ARCHIVE_ENTRY_TYPE_DIRECTORY) { if (app->_outputLevel >= 0) [of_stdout writeLine: OF_LOCALIZED( @"skipping_file", @"Skipping %[file]...", @"file", fileName)]; continue; } [missing removeObject: fileName]; outFileName = [app safeLocalPathForPath: fileName]; if (outFileName == nil) { [of_stderr writeLine: OF_LOCALIZED( @"refusing_to_extract_file", @"Refusing to extract %[file]!", @"file", fileName)]; app->_exitStatus = 1; goto outer_loop_end; } if (app->_outputLevel >= 0) [of_stdout writeString: OF_LOCALIZED(@"extracting_file", @"Extracting %[file]...", @"file", fileName)]; if (type == OF_TAR_ARCHIVE_ENTRY_TYPE_DIRECTORY || (type == OF_TAR_ARCHIVE_ENTRY_TYPE_FILE && |
︙ | ︙ |
Modified utils/ofzip/ZIPArchive.m from [fe7d9002b6] to [5378cae3d0].
︙ | ︙ | |||
203 204 205 206 207 208 209 | bool all = ([files count] == 0); OFMutableSet OF_GENERIC(OFString *) *missing = [OFMutableSet setWithArray: files]; for (OFZIPArchiveEntry *entry in [_archive entries]) { void *pool = objc_autoreleasePoolPush(); OFString *fileName = [entry fileName]; | | < < < | < | < < < < < < < < < < < < < < < < < | 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 | bool all = ([files count] == 0); OFMutableSet OF_GENERIC(OFString *) *missing = [OFMutableSet setWithArray: files]; for (OFZIPArchiveEntry *entry in [_archive entries]) { void *pool = objc_autoreleasePoolPush(); OFString *fileName = [entry fileName]; OFString *outFileName, *directory; OFStream *stream; OFFile *output; uint64_t written = 0, size = [entry uncompressedSize]; int8_t percent = -1, newPercent; if (!all && ![files containsObject: fileName]) continue; [missing removeObject: fileName]; outFileName = [app safeLocalPathForPath: fileName]; if (outFileName == nil) { [of_stderr writeLine: OF_LOCALIZED( @"refusing_to_extract_file", @"Refusing to extract %[file]!", @"file", fileName)]; app->_exitStatus = 1; goto outer_loop_end; } if (app->_outputLevel >= 0) [of_stdout writeString: OF_LOCALIZED(@"extracting_file", @"Extracting %[file]...", @"file", fileName)]; if ([fileName hasSuffix: @"/"]) { [fileManager createDirectoryAtPath: outFileName |
︙ | ︙ |