diff options
author | Gregory P. Smith <greg@krypto.org> | 2013-02-01 11:22:43 -0800 |
---|---|---|
committer | Gregory P. Smith <greg@krypto.org> | 2013-02-01 11:22:43 -0800 |
commit | 48d72c4754278cac2c4eb59135dfd75136fd773a (patch) | |
tree | 5ddd245867f1c0425e3772209b257d6145a9b2f3 /Lib/zipfile.py | |
parent | ec82ce8739759a1e93424f75d24aded432b207d3 (diff) | |
download | cpython-48d72c4754278cac2c4eb59135dfd75136fd773a.tar.gz |
Fixes Issue #6972: The zipfile module no longer overwrites files outside of
its destination path when extracting malicious zip files.
Diffstat (limited to 'Lib/zipfile.py')
-rw-r--r-- | Lib/zipfile.py | 27 |
1 files changed, 16 insertions, 11 deletions
diff --git a/Lib/zipfile.py b/Lib/zipfile.py index f900abd801..0b5d3e8f7b 100644 --- a/Lib/zipfile.py +++ b/Lib/zipfile.py @@ -1062,17 +1062,22 @@ class ZipFile: """ # build the destination pathname, replacing # forward slashes to platform specific separators. - # Strip trailing path separator, unless it represents the root. - if (targetpath[-1:] in (os.path.sep, os.path.altsep) - and len(os.path.splitdrive(targetpath)[1]) > 1): - targetpath = targetpath[:-1] - - # don't include leading "/" from file name if present - if member.filename[0] == '/': - targetpath = os.path.join(targetpath, member.filename[1:]) - else: - targetpath = os.path.join(targetpath, member.filename) - + arcname = member.filename.replace('/', os.path.sep) + + if os.path.altsep: + arcname = arcname.replace(os.path.altsep, os.path.sep) + # interpret absolute pathname as relative, remove drive letter or + # UNC path, redundant separators, "." and ".." components. + arcname = os.path.splitdrive(arcname)[1] + arcname = os.path.sep.join(x for x in arcname.split(os.path.sep) + if x not in ('', os.path.curdir, os.path.pardir)) + # filter illegal characters on Windows + if os.path.sep == '\\': + illegal = ':<>|"?*' + table = str.maketrans(illegal, '_' * len(illegal)) + arcname = arcname.translate(table) + + targetpath = os.path.join(targetpath, arcname) targetpath = os.path.normpath(targetpath) # Create all upper directories if necessary. |