Commit

Merge pull request #617 from QKaiser/fix-pfs-path-traversal
fix path traversal in PFS extractor script
devttys0 authored Feb 1, 2023
2 parents a555eb1 + 696fe34 commit cddfede
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/binwalk/plugins/unpfs.py
Expand Up @@ -104,7 +104,7 @@ def extractor(self, fname):
data = binwalk.core.common.BlockFile(fname, 'rb')
data.seek(fs.get_end_of_meta_data())
for entry in fs.entries():
outfile_path = os.path.join(out_dir, entry.fname)
outfile_path = os.path.abspath(os.path.join(out_dir, entry.fname))
if not outfile_path.startswith(out_dir):
binwalk.core.common.warning("Unpfs extractor detected directory traversal attempt for file: '%s'. Refusing to extract." % outfile_path)
else:
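Review bot: The containment test `outfile_path.startswith(out_dir)` is a raw string-prefix comparison, so a normalized path in a sibling directory whose name merely begins with the same characters as `out_dir` still passes it. Compare against `out_dir` with a trailing `os.sep` (treating equality with `out_dir` as a separate case), or use `os.path.commonpath([out_dir, outfile_path]) == out_dir`. The check also only holds if `out_dir` is itself absolute and normalized, which these lines do not show, and `os.path.abspath` does not resolve symlinks, so applying `os.path.realpath` to both sides would be the stricter choice.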

1 comment on commit cddfede

@Mopsklie
src/binwalk/plugins/unpfs.py