Prevent 'directory climbing' attack in unzip step 95/44895/2
author Tomasz Iwanek <t.iwanek@samsung.com>
Tue, 28 Jul 2015 08:43:06 +0000 (10:43 +0200)
committer Pawel Sikorski <p.sikorski@samsung.com>
Thu, 30 Jul 2015 08:40:54 +0000 (01:40 -0700)
commit 0dbf9ae85666cd969125bd625b17e91db12edc1c
tree f91d02792dc826a51baef8bbf821887d9262e442
parent fd1343ad0755bf6f939840b62e74b33e43bafcc0
Prevent 'directory climbing' attack in unzip step

This commit prevents the directory attack presented by SRK
in the installer. An additional check is added to confirm that
zip relative paths in the input archive are not pointing
outside of the package root.

In general, app-installer should not install files of
widget outside of package directory if widget package
is malformed.

Change-Id: I9703d416d0964a073f45226340a38d11482c949d
src/common/utils/file_util.cc
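
The kind of check the commit message describes, as an added example rather than the code from this commit (the diff is not shown on this page). The function names `IsEntryInsideRoot` and `RejectedEntries` and the sample entry names are assumptions made for illustration.

```cpp
#include <iostream>
#include <string>
#include <vector>

// Hypothetical helper, not the project's code: true when a zip entry name,
// resolved lexically against the extraction root, stays inside that root.
bool IsEntryInsideRoot(const std::string& entry) {
  if (entry.empty() || entry[0] == '/') return false;       // empty or absolute
  if (entry.find('\0') != std::string::npos) return false;  // embedded NUL
  int depth = 0;  // directory levels below the package root
  std::string::size_type pos = 0;
  while (pos <= entry.size()) {
    std::string::size_type next = entry.find('/', pos);
    if (next == std::string::npos) next = entry.size();
    const std::string part = entry.substr(pos, next - pos);
    if (part == "..") {
      if (--depth < 0) return false;  // climbed above the root
    } else if (!part.empty() && part != ".") {
      ++depth;
    }
    pos = next + 1;
  }
  return true;
}

// Returns the entries an installer should refuse to extract.
std::vector<std::string> RejectedEntries(const std::vector<std::string>& names) {
  std::vector<std::string> rejected;
  for (const std::string& name : names)
    if (!IsEntryInsideRoot(name)) rejected.push_back(name);
  return rejected;
}

int main() {
  // Constructed sample entry names, not taken from a real package.
  const std::vector<std::string> names = {
      "config.xml", "res/wgt/index.html", "res/../icon.png",
      "../../etc/passwd", "res/../../outside.txt", "/tmp/abs.txt"};
  for (const std::string& name : RejectedEntries(names))
    std::cout << "rejected: " << name << "\n";
  return 0;
}
```

This check is purely lexical, so it does not cover archives that contain symbolic-link entries; those need a separate check on the resolved target path.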