Packages: fix handling of unsafe paths in zips
This was breaking the P-51D which contains a mis-named PNG file which tripped the unsafe path detection.
This commit is contained in:
parent
73f00bd842
commit
8cf11f9208
@ -340,7 +340,7 @@ public:
|
||||
}
|
||||
|
||||
if (!isSafePath(tarPath)) {
|
||||
SG_LOG(SG_IO, SG_WARN, "bad tar path:" << tarPath);
|
||||
SG_LOG(SG_IO, SG_WARN, "unsafe tar path, skipping::" << tarPath);
|
||||
skipCurrentEntry = true;
|
||||
}
|
||||
|
||||
@ -506,7 +506,7 @@ public:
|
||||
#endif
|
||||
unzFile zip = unzOpen2(bufferName, &memoryAccessFuncs);
|
||||
|
||||
const size_t BUFFER_SIZE = 32 * 1024;
|
||||
const size_t BUFFER_SIZE = 1024 * 1024;
|
||||
void* buf = malloc(BUFFER_SIZE);
|
||||
|
||||
try {
|
||||
@ -532,24 +532,28 @@ public:
|
||||
state = END_OF_ARCHIVE;
|
||||
}
|
||||
catch (sg_exception&) {
|
||||
state = BAD_ARCHIVE;
|
||||
}
|
||||
state = BAD_ARCHIVE;
|
||||
}
|
||||
|
||||
free(buf);
|
||||
unzClose(zip);
|
||||
}
|
||||
free(buf);
|
||||
unzClose(zip);
|
||||
}
|
||||
|
||||
void extractCurrentFile(unzFile zip, char* buffer, size_t bufferSize)
|
||||
{
|
||||
unz_file_info fileInfo;
|
||||
unzGetCurrentFileInfo(zip, &fileInfo,
|
||||
buffer, bufferSize,
|
||||
NULL, 0, /* extra field */
|
||||
NULL, 0 /* comment field */);
|
||||
void extractCurrentFile(unzFile zip, char* buffer, size_t bufferSize)
|
||||
{
|
||||
unz_file_info fileInfo;
|
||||
int result = unzGetCurrentFileInfo(zip, &fileInfo,
|
||||
buffer, bufferSize,
|
||||
NULL, 0, /* extra field */
|
||||
NULL, 0 /* comment field */);
|
||||
if (result != Z_OK) {
|
||||
throw sg_io_exception("Failed to get zip current file info");
|
||||
}
|
||||
|
||||
std::string name(buffer);
|
||||
if (!isSafePath(name)) {
|
||||
throw sg_format_exception("Bad zip path", name);
|
||||
SG_LOG(SG_IO, SG_WARN, "unsafe zip path, skipping::" << name);
|
||||
return;
|
||||
}
|
||||
|
||||
auto filterResult = filterPath(name);
|
||||
@ -568,7 +572,7 @@ public:
|
||||
return;
|
||||
}
|
||||
|
||||
int result = unzOpenCurrentFile(zip);
|
||||
result = unzOpenCurrentFile(zip);
|
||||
if (result != UNZ_OK) {
|
||||
throw sg_io_exception("opening current zip file failed", sg_location(name));
|
||||
}
|
||||
|
@ -122,6 +122,9 @@ protected:
|
||||
m_downloaded += n;
|
||||
m_owner->installProgress(m_downloaded, responseLength());
|
||||
m_extractor->extractBytes(ubytes, n);
|
||||
if (m_extractor->hasError()) {
|
||||
SG_LOG(SG_GENERAL, SG_WARN, "archive extraction failed");
|
||||
}
|
||||
}
|
||||
|
||||
void onDone() override
|
||||
|
@ -59,7 +59,7 @@ public:
|
||||
|
||||
virtual void installProgress(pkg::InstallRef aInstall, unsigned int bytes, unsigned int total)
|
||||
{
|
||||
unsigned int percent = (bytes * 100) / total;
|
||||
size_t percent = (static_cast<size_t>(bytes) * 100) / total;
|
||||
if (percent == _lastPercent) {
|
||||
return;
|
||||
}
|
||||
@ -78,7 +78,7 @@ public:
|
||||
}
|
||||
|
||||
private:
|
||||
unsigned int _lastPercent;
|
||||
size_t _lastPercent;
|
||||
|
||||
};
|
||||
|
||||
@ -124,7 +124,7 @@ int main(int argc, char** argv)
|
||||
{
|
||||
|
||||
HTTP::Client* http = new HTTP::Client();
|
||||
pkg::Root* root = new pkg::Root(Dir::current().path(), "");
|
||||
pkg::Root* root = new pkg::Root(Dir::current().path(), "2019.1.1");
|
||||
|
||||
MyDelegate dlg;
|
||||
root->addDelegate(&dlg);
|
||||
|
Loading…
Reference in New Issue
Block a user