Fixed security issue when extracting items from TAR archive // Issue #2995

2019-10-24 16:24:53 +03:00
parent 69d9438c71
commit 2388b2a62b
1 changed files with 17 additions and 18 deletions
--- a/platformio/unpacker.py
+++ b/platformio/unpacker.py
@ -67,25 +67,24 @@ class TARArchive(ArchiveBase):
    def is_bad_path(self, path, base):
        return not self.resolve_path(os.path.join(base, path)).startswith(base)
-    def is_bad_link(self, tarinfo, base):
+    def is_bad_link(self, item, base):
-        return self.is_bad_path(
+        return not self.resolve_path(
-            tarinfo.linkname,
+            os.path.join(os.path.join(base, os.path.dirname(item.name)), item.linkname)
-            base=self.resolve_path(os.path.join(base, os.path.dirname(tarinfo.name))),
+        ).startswith(base)
        )
-    # def extract_item(self, item, dest_dir):
+    def extract_item(self, item, dest_dir):
-    #     bad_conds = [
+        bad_conds = [
-    #         self.is_link(item) and self.is_bad_link(item, dest_dir),
+            self.is_bad_path(item.name, dest_dir),
-    #         not self.is_link(item) and self.is_bad_path(item.name, dest_dir),
+            self.is_link(item) and self.is_bad_link(item, dest_dir),
-    #     ]
+        ]
-    #     if not any(bad_conds):
+        if not any(bad_conds):
-    #         super(TARArchive, self).extract_item(item, dest_dir)
+            super(TARArchive, self).extract_item(item, dest_dir)
-    #     else:
+        else:
-    #         click.secho(
+            click.secho(
-    #             "Blocked insecure item `%s` from archive" % item.name,
+                "Blocked insecure item `%s` from TAR archive" % item.name,
-    #             fg="red",
+                fg="red",
-    #             err=True,
+                err=True,
-    #         )
+            )
 class ZIPArchive(ArchiveBase):