projects / platform / core / api / webapi-plugins.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7f21189) | patch
[Archive] Prevent extracting files with ".." in relative paths 66/221966/1
authorPawel Wasowski <p.wasowski2@samsung.com>
Wed, 8 Jan 2020 10:28:08 +0000 (11:28 +0100)
committerPiotr Kosko <p.kosko@samsung.com>
Wed, 8 Jan 2020 12:47:42 +0000 (12:47 +0000)
commitc09d34faa8fb001a75a14fc03e340d9123ad9bb8
treea3c194b45ec0a9603f878099b7cbe0c4c844c772tree | snapshot
parent7f21189f8764a61da4c760c86fa9dfac57404636commit | diff
[Archive] Prevent extracting files with ".." in relative paths

This change mitigates a potential security issue, which could occur if
a zip archive contained files with ".." in their paths.
ArchiveEntry.extract() and Archive.extractAll() will not extract such
files.

Verification: auto tct-tizen-archive-tests pass rate: 100%
              Manual tests: attempts to extract files with forbidden
              ".." results in an UnknownError.

Change-Id: I563744d834d24e896493f55d15e579e714d539f9
Signed-off-by: Pawel Wasowski <p.wasowski2@samsung.com>
src/archive/archive_file.cc diff | blob | history
src/archive/archive_instance.cc diff | blob | history
src/archive/archive_utils.cc diff | blob | history
src/archive/archive_utils.h diff | blob | history
src/archive/un_zip_extract_request.cc diff | blob | history
Domain: Web Framework / Web API;