This repository was archived by the owner on Sep 24, 2025. It is now read-only.

Malicious archives may cause problems #8

@kbrint

Leading / is prohibited, but an archive containing this file could cause problems on extract:

../../../../../../../../../../../../Users/you/.ssh/authorized_keys

Or even:

dir1
dir1/somefile
dir1/dir2 
dir1/dir2/../../../../../../../../../../../../Users/you/.ssh/authorized_keys

Any path containing ".." should be prohibited, just like those starting with "/".

Probably something like this... not sure if this is robust enough:

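for _, dir := range strings.Split(path, string(os.PathSeparator)) {
  if dir == ".." {
    // barf: refuse to extract this entry
    return fmt.Errorf("archive path %q contains \"..\"", path)
  }
}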
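A fuller version of the check sketched above, as an added example that is not part of the original issue or the project's code: it matches ".." as a whole path component, treats both "/" and "\" as separators, and then confirms the joined path is still under the extraction directory. `SafeJoin`, `ErrUnsafePath`, and the `/tmp/out` destination are hypothetical names chosen for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrUnsafePath marks entry names that could land outside the extraction root.
var ErrUnsafePath = errors.New("unsafe archive entry path")

// SafeJoin (hypothetical helper) maps an archive entry name onto destDir.
// It rejects absolute names and any ".." component, then confirms the joined
// path is still under destDir. Symlink entries need a separate check.
func SafeJoin(destDir, name string) (string, error) {
	// Treat both "/" and "\" as separators so the check does not depend on
	// the host OS the archive is extracted on.
	parts := strings.FieldsFunc(name, func(r rune) bool { return r == '/' || r == '\\' })
	if len(parts) == 0 || strings.HasPrefix(name, "/") || strings.HasPrefix(name, `\`) ||
		filepath.VolumeName(name) != "" {
		return "", fmt.Errorf("%w: %q", ErrUnsafePath, name)
	}
	for _, p := range parts {
		if p == ".." { // whole-component match: "..foo" is a legal name
			return "", fmt.Errorf("%w: %q", ErrUnsafePath, name)
		}
	}
	target := filepath.Join(append([]string{destDir}, parts...)...)
	rel, err := filepath.Rel(destDir, target)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("%w: %q", ErrUnsafePath, name)
	}
	return target, nil
}

func main() {
	// Constructed sample names modelled on the examples in the issue.
	for _, n := range []string{
		"dir1/somefile",
		"../../../../Users/you/.ssh/authorized_keys",
		"dir1/dir2/../../../../Users/you/.ssh/authorized_keys",
		"/etc/hosts",
		"..foo/bar",
	} {
		p, err := SafeJoin("/tmp/out", n)
		fmt.Printf("%-55q -> %q err=%v\n", n, p, err)
	}
}
```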
