Cool_Tools/ImHex
1
0
Fork 0
mirror of synced 2025-02-17 18:59:21 +01:00
Code Releases Wiki Activity

fix: verify that file names queried from the store do not allow path traversal (#1277)

Browse Source
This commit is contained in:
iTrooz 2023-09-02 17:51:21 +02:00 committed by GitHub
parent 235f4e39b4
commit c2fe9f0966
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
plugins/builtin/source/content/views/view_store.cpp
View File

@ -260,11 +260,18 @@ namespace hex::plugin::builtin {
bool ViewStore::download(fs::ImHexPath pathType, const std::string &fileName, const std::string &url, bool update) {
bool downloading = false;
for (const auto &path : fs::getDefaultPaths(pathType)) {
if (!fs::isPathWritable(path))
for (const auto &folderPath : fs::getDefaultPaths(pathType)) {
if (!fs::isPathWritable(folderPath))
continue;
auto fullPath = path / std::fs::path(fileName);
// verify that we write the file to the right folder
// this is to prevent the filename from having elements like ../
auto fullPath = std::fs::weakly_canonical(folderPath / std::fs::path(fileName));
auto [folderIter, pathIter] = std::mismatch(folderPath.begin(), folderPath.end(), fullPath.begin());
if(folderIter != folderPath.end()) {
log::warn("The destination file name '{}' is invalid", fileName);
return false;
}
if (!update || wolv::io::fs::exists(fullPath)) {
downloading = true;