This commit prevents directory attack presented by SRK
in installer. Additional check is added to confirm that
zip relative path in input archieve are not pointing
outside of package root.
In general, app-installer should not install files of
widget outside of package directory if widget package
is malformed.
Change-Id: I9703d416d0964a073f45226340a38d11482c949d
if (filter_prefix.empty() ||
std::string(raw_file_name_in_zip).find(filter_prefix) == 0) {
bf::path filename_in_zip_path(raw_file_name_in_zip);
+
+ // prevent "directory climbing" attack
+ bs::error_code error;
+ if (bf::canonical(filename_in_zip_path, tmp_dir,
+ error).string().find(bf::canonical(tmp_dir).string())
+ != 0) {
+ LOG(ERROR) << "Relative path of file in widget is malformed";
+ return false;
+ }
+ if (error) {
+ LOG(ERROR) << "Failed to get canonical form of relative path in widget";
+ return false;
+ }
+
if (!filename_in_zip_path.parent_path().empty()) {
if (!CreateDir(filename_in_zip_path.parent_path())) {
LOG(ERROR) << "Failed to create directory: "