Fix issue #62 - Githubissues

gdraheim / zziplib

The ZZIPlib provides read access on ZIP-archives and unpacked data. It features an additional simplified API following the standard Posix API for file access

Other

62 stars 50 forks source link

Fix issue #62 #63

Closed jmoellers closed 5 years ago

jmoellers commented 5 years ago

Remove any "../" components from pathnames of extracted files. [CVE-2018-17828]

gdraheim commented 5 years ago

Ganz schön komplizierte Implementation, viel Text, delayed mustfree, Code zahlreich gedoppelt, und nur in den frontend-bins statt den der lib selbst. Testcase fehlt übrigens auch. Dennoch akzeptiert, sodass der CVE erstmal geschlossen ist.