github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-22 22:43:33 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

SECURITY: Prevent arbitrary file write when decompressing files (#18421)

Browse Source 
* SECURITY: Prevent arbitrary file write when decompressing files
* FIX: Allow decompressing files into symlinked directories

Co-authored-by: OsamaSayegh <asooomaasoooma90@gmail.com>
Co-authored-by: Gerhard Schlager <gerhard.schlager@discourse.org>
This commit is contained in:
Jarek Radosz
2022-09-29 20:00:38 +02:00
committed by GitHub
parent ae1e536e83
commit b27d5626d2
9 changed files with 175 additions and 57 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
lib/compression/gzip.rb
View File

@ -30,8 +30,14 @@ module Compression
yield(gzip)
end
def build_entry_path(_compressed_file, dest_path, compressed_file_path, entry, _allow_non_root_folder)
compressed_file_path.gsub(extension, '')
def build_entry_path(dest_path, _, compressed_file_path)
basename = File.basename(compressed_file_path)
basename.gsub!(/#{Regexp.escape(extension)}$/, '')
File.join(dest_path, basename)
end
def decompression_results_path(dest_path, compressed_file_path)
build_entry_path(dest_path, nil, compressed_file_path)
end
def extract_file(entry, entry_path, available_size)