From 16139a75c8a678504f0e72b1469e5a2313ca530b Mon Sep 17 00:00:00 2001
From: root <root@localhost.localdomain>
Date: Fri, 6 Sep 2024 23:24:23 +0800
Subject: [PATCH] CVE-2021-38291

---
 3rdparty/libzipplugin/libzipplugin.cpp | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/3rdparty/libzipplugin/libzipplugin.cpp b/3rdparty/libzipplugin/libzipplugin.cpp
index 3499046..3044470 100644
--- a/3rdparty/libzipplugin/libzipplugin.cpp
+++ b/3rdparty/libzipplugin/libzipplugin.cpp
@@ -677,6 +677,11 @@ ErrorType LibzipPlugin::extractEntry(zip_t *archive, zip_int64_t index, const Ex
 
     strFileName = m_common->trans2uft8(statBuffer.name, m_mapFileCode[index]);    // 解压文件名（压缩包中）
     // 提取
+    //fix 232873
+    if(strFileName.indexOf("../") != -1) {
+        qInfo() << "skipped ../ path component(s) in " << strFileName;
+        strFileName = strFileName.replace("../", "");
+    }
     if (!options.strDestination.isEmpty()) {
         strFileName = strFileName.remove(0, options.strDestination.size());
     }
-- 
2.39.3