29 lines
1.0 KiB
Diff
29 lines
1.0 KiB
Diff
From 39b180455ffcb100c4b3269bac9bf119063fd38c Mon Sep 17 00:00:00 2001
|
|
From: root <root@localhost.localdomain>
|
|
Date: Fri, 6 Sep 2024 16:32:43 +0800
|
|
Subject: [PATCH] CVE-2021-38291
|
|
|
|
---
|
|
3rdparty/libzipplugin/libzipplugin.cpp | 5 +++++
|
|
1 file changed, 5 insertions(+)
|
|
|
|
diff --git a/3rdparty/libzipplugin/libzipplugin.cpp b/3rdparty/libzipplugin/libzipplugin.cpp
|
|
index 280378f..b9cab7f 100644
|
|
--- a/3rdparty/libzipplugin/libzipplugin.cpp
|
|
+++ b/3rdparty/libzipplugin/libzipplugin.cpp
|
|
@@ -741,6 +741,11 @@ ErrorType LibzipPlugin::extractEntry(zip_t *archive, zip_int64_t index, const Ex
|
|
}
|
|
|
|
strFileName = m_common->trans2uft8(statBuffer.name, m_mapFileCode[index]); // 解压文件名(压缩包中)
|
|
+ //fix 232873
|
|
+ if(strFileName.indexOf("../") != -1) {
|
|
+ qInfo() << "skipped ../ path component(s) in " << strFileName;
|
|
+ strFileName = strFileName.replace("../", "");
|
|
+ }
|
|
QString strOriginName = strFileName;
|
|
|
|
// 针对文件夹名称过长的情况,直接提示解压失败,文件夹名称过长
|
|
--
|
|
2.39.3
|
|
|