[Buildroot] [PATCH] utils/scanpypi: protect against zip-slip vulnerability in zip/tar handling

Peter Korsgaard peter at korsgaard.com
Tue Feb 12 20:45:38 UTC 2019


>>>>> "Yann" == Yann E MORIN <yann.morin.1998 at free.fr> writes:

Hi,

 > As I said on IRC: I would really prefer if we could reject archive that
 > do have paths merely containing /../ components, because those are
 > already fishy, even if they still point in-tree, e.g. foo/../bar is
 > still technically OK, but why the heck would it be constructed that way
 > to begin with? Normal archivers do not do that.

Agreed, but that code seems somewhat more complicated to me, and I
wanted the simplest possible solution.


 > But making the path canonical with relpath() is already better than the
 > current situation, so:

 > Reviewed-by: "Yann E. MORIN" <yann.morin.1998 at free.fr>

 > Yet, a little tiny comment, below:

 >> +        if evil:
 >> +            print('ERROR: Refusing to extract {} with suspicious members {}'.format(
 >> +                self.filename, evil))
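Review bot: the message `'... suspicious members {}'.format(self.filename, evil)` will render `evil` with Python's list repr (brackets and quotes) if it is a list of member names; `', '.join(evil)` reads better in an error line. The quoted lines also show only the print, so make sure the refusal is enforced right after it (a return or an exception), otherwise extraction would continue past the diagnostic.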

 > I would have sent that to stderr: print(..., file=sys.stderr)

Correct, but scanpypi sends (almost all) error messages to stdout, so I
kept it like this for consistency.

-- 
Bye, Peter Korsgaard
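As an added example, not part of this thread or of scanpypi itself: a Python check that implements both policies discussed above, the relpath() canonicalisation the patch uses and the stricter "reject any '..' component" rule Yann argues for, run over constructed member names and a constructed in-memory zip. EXTRACT_ROOT and the helper names are assumptions made for the example.

```python
import io
import posixpath
import zipfile

# Hypothetical extraction root; it only anchors relpath() so the check
# does not depend on the current working directory.
EXTRACT_ROOT = '/tmp/scanpypi-extract'


def is_suspicious_member(name, strict=False):
    """Return True if an archive member name should be refused.

    strict=False mirrors the relpath() approach of the patch: canonicalise
    the name and refuse it only if it resolves outside EXTRACT_ROOT.
    strict=True additionally refuses any name containing a '..' component
    (e.g. 'foo/../bar'), the stricter policy argued for in the thread.
    """
    # Archive members use '/', but normalise backslashes too so a
    # Windows-style 'foo\\..\\bar' is not seen as one harmless component.
    name = name.replace('\\', '/')
    if posixpath.isabs(name):
        return True
    if strict and '..' in name.split('/'):
        return True
    # relpath() collapses 'foo/../bar' to 'bar'; a member that escapes the
    # root comes back as '..' or starting with '../'.
    rel = posixpath.relpath(posixpath.join(EXTRACT_ROOT, name), EXTRACT_ROOT)
    return rel == '..' or rel.startswith('../')


def find_evil_members(names, strict=False):
    """Return the member names that would be refused, in archive order."""
    return [n for n in names if is_suspicious_member(n, strict)]


def check_zip(fileobj, strict=False):
    """Return refused member names of a zip archive (path or file object)."""
    with zipfile.ZipFile(fileobj) as zf:
        return find_evil_members(zf.namelist(), strict)


def build_sample_zip():
    """Constructed in-memory zip: one honest member and two that escape."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, 'w') as zf:
        zf.writestr('pkg/setup.py', 'print("hello")\n')
        zf.writestr('pkg/../../outside.txt', '# resolves above the root\n')
        zf.writestr('../evil.txt', 'zip-slip\n')
    buf.seek(0)
    return buf
```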

