Sneederix/sneedmc
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

fix(MMCZip): ignore invalid file paths in extractSubDir

Browse Source 
Ignores files that have an absolute path or a path beginning with ..

Signed-off-by: Lenny McLennington <lenny@sneed.church>
This commit is contained in:
Lenny McLennington 2023-02-09 18:38:34 +00:00
parent 7b547c842c
commit 9f457e0ce6
No known key found for this signature in database
GPG Key ID: F0467078ECA45FCB
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
launcher/MMCZip.cpp
View File

@ -292,10 +292,15 @@ std::optional<QStringList> MMCZip::extractSubDir(QuaZip *zip, const QString & su
do
{
QString name = zip->getCurrentFileName();
if(!name.startsWith(subdir))
if(!QDir::cleanPath(name).startsWith(subdir))
{
continue;
}
if (QDir::isAbsolutePath(name) || QDir::cleanPath(name).startsWith(".."))
{
qDebug() << "extractSubDir: Skipping file that tries to place itself in an absolute location or in a parent directory.";
continue;
}
name.remove(0, subdir.size());
auto original_name = name;