Commit adb067e6 authored by Ondrej Holy

AutoarExtractor: Do not extract files outside the destination dir

Currently, a malicious archive can cause files to be extracted
outside of the destination dir. This can happen if the archive contains
a file whose parent is a symbolic link, which points outside of the
destination dir. This is potentially a security threat similar to
CVE-2020-11736. Let's skip such problematic files when extracting.

Fixes: #7
parent 618e94be
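
The check the commit message describes, as an added C example built on POSIX `realpath()` (not the project's code, which this page does not show): resolve the entry's parent directory and skip the entry when the resolved path lands outside the destination. The names `entry_parent_inside_dest` and `demo`, and the temporary directory names, are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: 1 = the entry's parent resolves inside dest,
 * 0 = skip the entry. Assumes parent dirs/links were already created. */
int entry_parent_inside_dest(const char *dest, const char *entry)
{
    char real_dest[PATH_MAX], real_parent[PATH_MAX], joined[PATH_MAX];
    size_t n;

    if (entry[0] == '/' || realpath(dest, real_dest) == NULL)
        return 0;                        /* absolute name or bad dest */
    if (snprintf(joined, sizeof joined, "%s/%s", real_dest, entry)
            >= (int)sizeof joined)
        return 0;                        /* too long: fail closed */
    *strrchr(joined, '/') = '\0';        /* cut down to the parent path */
    if (realpath(joined, real_parent) == NULL)
        return 0;                        /* unresolvable: fail closed */
    n = strlen(real_dest);               /* match on a component boundary */
    return strncmp(real_dest, real_parent, n) == 0
        && (real_parent[n] == '\0' || real_parent[n] == '/');
}

/* Constructed layout: dest/sub is a directory, dest/link -> dir outside dest.
 * Returns accepted-entry bitmask: bit0 a.txt, bit1 sub/b.txt, bit2 link/evil.txt. */
int demo(void)
{
    char dest[] = "/tmp/autoar-dest-XXXXXX", out[] = "/tmp/autoar-out-XXXXXX";
    char p[PATH_MAX];
    if (!mkdtemp(dest) || !mkdtemp(out)) return -1;
    snprintf(p, sizeof p, "%s/sub", dest);
    if (mkdir(p, 0700) != 0) return -1;
    snprintf(p, sizeof p, "%s/link", dest);
    if (symlink(out, p) != 0) return -1;
    return entry_parent_inside_dest(dest, "a.txt")
         | (entry_parent_inside_dest(dest, "sub/b.txt") << 1)
         | (entry_parent_inside_dest(dest, "link/evil.txt") << 2);
}

int main(void)
{
    printf("accepted mask: %d (3 = link/evil.txt skipped)\n", demo());
    return 0;
}
```

A path-based check like this is only as strong as the assumption that nothing else modifies the destination between the check and the write.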