ShuriZma
/
dolphin
mirror of https://github.com/dolphin-emu/dolphin.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

FatFsUtil: Add some path traversal attack protection when unpacking.

This commit is contained in:
Admiral H. Curtiss 2022-06-16 04:15:28 +02:00
parent a621fdf857
commit f40eeebcf0
No known key found for this signature in database
GPG Key ID: F051B4C4044F33FB
1 changed files with 17 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
Source/Core/Common/FatFsUtil.cpp
View File

@ -8,8 +8,11 @@
#include <cstdlib> #include <cstdlib>
#include <mutex> #include <mutex>
#include <string> #include <string>
#include <string_view>
#include <vector> #include <vector>
#include <fmt/format.h>
// Does not compile if diskio.h is included first. // Does not compile if diskio.h is included first.
// clang-format off // clang-format off
#include "ff.h" #include "ff.h"
@ -439,8 +442,21 @@ static bool Unpack(const std::string path, bool is_directory, const char* name,
if (entry.fname[0] == '\0') if (entry.fname[0] == '\0')
break; break;
if (!Unpack(path + "/" + entry.fname, entry.fattrib & AM_DIR, entry.fname, tmp_buffer)) const std::string_view childname = entry.fname;
// Check for path traversal attacks.
if (childname.find("\\") != std::string_view::npos)
return false; return false;
if (childname.find('/') != std::string_view::npos)
return false;
if (std::all_of(childname.begin(), childname.end(), [](char c) { return c == '.'; }))
return false;
if (!Unpack(fmt::format("{}/{}", path, childname), entry.fattrib & AM_DIR, entry.fname,
tmp_buffer))
{
return false;
}
} }
if (f_closedir(&directory) != FR_OK) if (f_closedir(&directory) != FR_OK)