From 16139a75c8a678504f0e72b1469e5a2313ca530b Mon Sep 17 00:00:00 2001
From: root <root@localhost.localdomain>
Date: Fri, 6 Sep 2024 23:24:23 +0800
Subject: [PATCH] CVE-2021-38291
---
3rdparty/libzipplugin/libzipplugin.cpp | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/3rdparty/libzipplugin/libzipplugin.cpp b/3rdparty/libzipplugin/libzipplugin.cpp
index 3499046..3044470 100644
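--- a/3rdparty/libzipplugin/libzipplugin.cpp
+++ b/3rdparty/libzipplugin/libzipplugin.cpp
@@ -677,6 +677,11 @@ ErrorType LibzipPlugin::extractEntry(zip_t *archive, zip_int64_t index, const Ex
 
 strFileName = m_common->trans2uft8(statBuffer.name, m_mapFileCode[index]); // 解压文件名(压缩包中)
 // 提取
+ //fix 232873
+ if(strFileName.indexOf("../") != -1) {
+ qInfo() << "skipped ../ path component(s) in " << strFileName;
+ strFileName = strFileName.replace("../", "");
+ }
 if (!options.strDestination.isEmpty()) {
 strFileName = strFileName.remove(0, options.strDestination.size());
 }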
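Review bot: Stripping `../` in a single pass at `strFileName.replace("../", "")` does not guarantee a traversal-free result: removing one occurrence can splice the surrounding characters into a new `../`, and absolute entry names are not covered by this check at all. Rewriting the name also extracts the entry under a path the archive never declared, and because the stripped string is shorter, the following `remove(0, options.strDestination.size())` may cut the wrong prefix (inferred; how the two relate is not visible here). Rejecting the entry is safer than repairing it, e.g. `const QString cleaned = QDir::cleanPath(strFileName);` followed by `if (cleaned == ".." || cleaned.startsWith("../") || QDir::isAbsolutePath(cleaned)) { /* log and return the appropriate ErrorType */ }`, ideally backed by a check that the final target path stays under the extraction directory. `extractEntry` begins and ends outside this hunk, so where the destination path is built cannot be confirmed from here.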
--
2.39.3