From 93175896ab7cc31266df0903490362ba37404676 Mon Sep 17 00:00:00 2001 From: Kevin Hendricks <kevin.b.hendricks@icloud.com> Date: Wed, 26 Jun 2019 14:02:49 -0400 Subject: [PATCH] try to make extracting epubs safer --- src/zipios/src/zipextraction.cpp | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/src/zipios/src/zipextraction.cpp b/src/zipios/src/zipextraction.cpp index 8541625..0e238c8 100644 --- a/src/zipios/src/zipextraction.cpp +++ b/src/zipios/src/zipextraction.cpp @@ -73,7 +73,17 @@ void ExtractZipToFolder( const fs::path &path_to_zip, const fs::path &path_to_fo { boost::scoped_ptr< std::istream > stream( zip.getInputStream( *it ) ); - fs::path new_file_path = path_to_folder / (*it)->getName(); + // for security reasons need to force any relative path + // to be inside the destination folder and not anyplace else + // do this by removing any and all upward relative path segments as + // epubs are not general zip archives used for backup + string azipfilepath = (*it)->getName(); + size_t index = azipfilepath.find("../", 0); + while(index != std::string::npos) { + azipfilepath.replace(index, 3,""); + index = azipfilepath.find("../", 0); + } + fs::path new_file_path = path_to_folder / azipfilepath; CreateFilepath( new_file_path ); WriteEntryToFile( *stream, new_file_path );