bashclub/piler
1
0
Fork 0
mirror of https://bitbucket.org/jsuto/piler.git synced 2024-11-08 04:41:59 +01:00
Code Issues Packages Projects Releases Wiki Activity

added a safety check for zip extraction

Browse Source
This commit is contained in:
SJ 2015-03-16 11:10:52 +01:00
parent 90df359177
commit 4c489d1a47
1 changed files with 22 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
src/extract.c
View File

@ -7,6 +7,7 @@
#include <sys/stat.h>
#include <dirent.h>
#include <fcntl.h>
#include <ctype.h>
#include <piler.h>
#ifdef HAVE_ZIP
@ -94,8 +95,20 @@ int extract_opendocument(struct session_data *sdata, struct _state *state, char
}
int is_safe_filetype(char *s){
for(; *s; s++){
if(*s != 46 && !isalnum(*s)){
return 0;
}
}
return 1;
}
int unzip_file(struct session_data *sdata, struct _state *state, char *filename, int *rec, struct __config *cfg){
int errorp, i=0, len=0, fd;
int errorp, i=0, len=0, fd, safe_extension=0;
char *p, extracted_filename[SMALLBUFSIZE], buf[MAXBUFSIZE];
struct zip *z;
struct zip_stat sb;
@ -115,11 +128,18 @@ int unzip_file(struct session_data *sdata, struct _state *state, char *filename,
if(ZIP_EM_NONE == sb.encryption_method) {
p = strrchr(sb.name, '.');
safe_extension = 0;
if((int)sb.size > 0 && p && strcmp(get_attachment_extractor_by_filename((char*)sb.name), "other")){
if(p) safe_extension = is_safe_filetype(p);
if(safe_extension == 0) syslog(LOG_INFO, "%s: invalid filename in zip: '%s'", sdata->ttmpfile, (char*)sb.name);
if((int)sb.size > 0 && safe_extension == 1 && strcmp(get_attachment_extractor_by_filename((char*)sb.name), "other")){
snprintf(extracted_filename, sizeof(extracted_filename)-1, "%s-%d-%d%s", sdata->ttmpfile, *rec, i, p);
if(cfg->verbosity >= _LOG_DEBUG) syslog(LOG_INFO, "%s: writing zip content to '%s'", sdata->ttmpfile, extracted_filename);
fd = open(extracted_filename, O_CREAT|O_RDWR, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
if(fd != -1){
zf = zip_fopen_index(z, i, 0);