WriteEntryToDirectory - entry with root path crash #824
Comments
|
There was to avoid a specific vulnerability to not allow extraction outside the destination directory: https://github.com/adamhathcock/sharpcompress/pull/374/files Path.Join does not seem applicable. |
|
@adamhathcock Hi, i would've assume that if my destination folder is /root2 and the directory inside the zip is for example /root/file.txt then it will be extracted to /root2/root/file.txt (just like if i extract the zip manually on my pc) |
|
again, the linked PR prevents extraction to directories outside of the current one |
|
I understand, again, i didn't expect it to extract to outside directories i'm expecting it to extract the full path into my desired destination folder - the problem is that when using Path.Combine("/root","/root2/test.txt") it will return "/root2/test.txt" instead of "/root/root2/test.txt" |
|
These are just convenance methods. You don't have to use them. You can write your own to write entries to whatever you like and however you like. |
Hi, When I call WriteEntryToDirectory with entry key that is rooted for example '/root/file.txt' and the directory '/root2' as param.
the code fails with Entry is trying to create a directory outside of the destination directory.
The reason for that is Path.Combine ignore the directory path param.
The solution should be move use Path.Join.
The text was updated successfully, but these errors were encountered: