Fix path traversal vulnerability, issue #21

gen2brain · Jun 21, 2022 · 239ec40 · 239ec40
1 parent fa2f5a7
commit 239ec40
Showing 1 changed file with 13 additions and 1 deletion.
diff --git a/unarr.go b/unarr.go
@@ -8,6 +8,7 @@ import (
 	"io/ioutil"
 	"os"
 	"path/filepath"
+	"strings"
 	"time"
 	"unsafe"
 
@@ -170,7 +171,7 @@ func (a *Archive) Offset() int64 {
 
 // Name returns the name of the current entry as UTF-8 string
 func (a *Archive) Name() string {
-	return unarrc.EntryGetName(a.archive)
+	return toValidName(unarrc.EntryGetName(a.archive))
 }
 
 // RawName returns the name of the current entry as raw string
@@ -263,3 +264,14 @@ func (a *Archive) List() (contents []string, err error) {
 
 	return
 }
+
+func toValidName(name string) string {
+	p := filepath.Clean(name)
+	if strings.HasPrefix(p, "/") {
+		p = p[len("/"):]
+	}
+	for strings.HasPrefix(p, "../") {
+		p = p[len("../"):]
+	}
+	return p
+}