
DTF vulnerable to "Zip Slip" #6075

Closed
firegiantco opened this issue Sep 12, 2019 · 1 comment · Fixed by wixtoolset/wix3#497 or wixtoolset/wix3#498

@firegiantco

Please provide answers to the following questions to help us narrow down, reproduce, and fix the problem. Fill out one section and delete the others.

  • Which version of WiX are you building with?

WiX v3.11.1

  • Which version of Visual Studio are you building with (if any)?

N/A

  • Which version of the WiX Toolset Visual Studio Extension are you building with (if any)?

N/A

  • Which version of .NET are you building with?

Any

  • If the problem occurs when installing your packages built with WiX, what is the version of Windows the package is running on?

N/A

  • Describe the problem and the steps to reproduce it.

A maliciously crafted cabinet or zip file can be created with traversal paths in the archived file names, for example `..\..\hackedu.dll`. DTF's ArchiveFileStreamContext will concatenate the archived file path with a provided base directory, such that the traversal path can place the file outside the provided base directory and possibly overwrite the user's files. This is known as Zip Slip.

  • Describe the behavior you expected and how it differed from the actual behavior.

DTF should not write files outside the extraction folder.

This issue was originally reported by Devin Casadey.
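The containment check the report asks for, written here as an added illustration rather than DTF's own code (the actual fix lives in the linked wix3 pull requests): each archive entry name is resolved against the extraction directory and rejected if the normalized result would land outside it. `SafeExtractPath`, `Resolve`, and the base directory `C:\extract` are constructed names for this example; the entry `..\..\hackedu.dll` is the one from the report above.

```csharp
using System;
using System.IO;

// Added example, not part of DTF or the wix3 fix: resolve an archive entry
// name under a base directory and refuse anything that escapes it (Zip Slip).
public static class SafeExtractPath
{
    // Returns the absolute destination path for entryName under baseDir, or
    // throws InvalidDataException if the combined path leaves baseDir.
    public static string Resolve(string baseDir, string entryName)
    {
        // Normalize the base to an absolute path with a trailing separator so
        // that "C:\extract" cannot be matched by a sibling like "C:\extracted".
        string fullBase = Path.GetFullPath(baseDir);
        if (!fullBase.EndsWith(Path.DirectorySeparatorChar.ToString(), StringComparison.Ordinal))
        {
            fullBase += Path.DirectorySeparatorChar;
        }

        // An archive entry must be relative; a rooted name (drive, UNC, or
        // leading separator) would make Path.Combine ignore the base entirely.
        if (Path.IsPathRooted(entryName))
        {
            throw new InvalidDataException("Rooted entry name rejected: " + entryName);
        }

        // GetFullPath collapses "." and ".." segments, which is what exposes the
        // traversal; the plain concatenation in the report never does this step.
        string candidate = Path.GetFullPath(Path.Combine(fullBase, entryName));

        // Case-insensitive prefix match is appropriate for Windows file systems
        // (assumption: use Ordinal on case-sensitive platforms).
        if (!candidate.StartsWith(fullBase, StringComparison.OrdinalIgnoreCase))
        {
            throw new InvalidDataException("Entry escapes extraction directory: " + entryName);
        }
        return candidate;
    }

    public static void Main()
    {
        // Constructed sample entries: one benign, one with the traversal from the report.
        string[] entries = { @"bin\app.dll", @"..\..\hackedu.dll" };
        foreach (string entry in entries)
        {
            try
            {
                Console.WriteLine(entry + " -> " + Resolve(@"C:\extract", entry));
            }
            catch (InvalidDataException ex)
            {
                Console.WriteLine(entry + " -> rejected: " + ex.Message);
            }
        }
    }
}
```

The check has to run on the normalized path, not on the raw entry name: screening for a literal `..` substring misses encodings the file system will still collapse, while `Path.GetFullPath` followed by a prefix comparison against the separator-terminated base catches any entry that would resolve above the extraction folder.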

@firegiantco

WIP

@barnson barnson added this to the v3.x milestone Sep 12, 2019