Posted to commits@seatunnel.apache.org by ki...@apache.org on 2022/03/26 15:28:34 UTC
[incubator-seatunnel] branch dev updated: [Bug] [core] Arbitrary file write during archive extraction ("Zip Slip") (#1583)
This is an automated email from the ASF dual-hosted git repository.
kirs pushed a commit to branch dev
in repository https://gitbox.apache.org/repos/asf/incubator-seatunnel.git
The following commit(s) were added to refs/heads/dev by this push:
new 7eb19a9 [Bug] [core] Arbitrary file write during archive extraction ("Zip Slip") (#1583)
7eb19a9 is described below
commit 7eb19a971aea7cfac76feeccadffa35ce4e79845
Author: ChunFu Wu <31...@qq.com>
AuthorDate: Sat Mar 26 23:28:29 2022 +0800
[Bug] [core] Arbitrary file write during archive extraction ("Zip Slip") (#1583)
---
.../src/main/java/org/apache/seatunnel/utils/CompressionUtils.java | 3 +++
1 file changed, 3 insertions(+)
diff --git a/seatunnel-core/seatunnel-core-base/src/main/java/org/apache/seatunnel/utils/CompressionUtils.java b/seatunnel-core/seatunnel-core-base/src/main/java/org/apache/seatunnel/utils/CompressionUtils.java
index bab7192..425102c 100644
--- a/seatunnel-core/seatunnel-core-base/src/main/java/org/apache/seatunnel/utils/CompressionUtils.java
+++ b/seatunnel-core/seatunnel-core-base/src/main/java/org/apache/seatunnel/utils/CompressionUtils.java
@@ -65,6 +65,9 @@ public final class CompressionUtils {
TarArchiveEntry entry = null;
while ((entry = (TarArchiveEntry) debInputStream.getNextEntry()) != null) {
final File outputFile = new File(outputDir, entry.getName());
+ if (!outputFile.toPath().normalize().startsWith(outputDir.toPath())) {
+ throw new IllegalStateException("Bad zip entry");
+ }
if (entry.isDirectory()) {
LOGGER.info("Attempting to write output directory {}.", outputFile.getAbsolutePath());
if (!outputFile.exists()) {
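Review bot: The containment check added after `new File(outputDir, entry.getName())` normalizes only the entry path and compares it with the raw `outputDir.toPath()`. If the caller passes an `outputDir` such as `./out` or one containing `..`, the normalized entry path no longer starts with it and every legitimate entry is rejected. Normalize both sides against the same absolute base, e.g. `if (!outputFile.toPath().toAbsolutePath().normalize().startsWith(outputDir.toPath().toAbsolutePath().normalize())) {`. The check is purely lexical, so if this routine ever materializes link entries from the archive (not visible here), a real-path comparison would be needed as well. The message `"Bad zip entry"` is raised on a tar entry and omits the name; something like `"Tar entry escapes output directory: " + entry.getName()` would make a rejected archive easier to triage. The enclosing method starts and ends outside this hunk.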