Harden libarchive extraction: secure flags for path traversal, NULL pathname guard

2026-04-05 21:40:42 +08:00 · 2026-03-08 00:48:13 +08:00
parent d4ea43c7db
commit ef02d50244
2 changed files with 15 additions and 6 deletions
--- a/scripts/vphoned/unarchive.m
+++ b/scripts/vphoned/unarchive.m
@@ -24,7 +24,10 @@ int vp_extract_archive(NSString *archivePath, NSString *extractionPath) {
    int flags = ARCHIVE_EXTRACT_TIME
              | ARCHIVE_EXTRACT_PERM
              | ARCHIVE_EXTRACT_ACL
-              | ARCHIVE_EXTRACT_FFLAGS;
+              | ARCHIVE_EXTRACT_FFLAGS
+              | ARCHIVE_EXTRACT_SECURE_SYMLINKS
+              | ARCHIVE_EXTRACT_SECURE_NODOTDOT
+              | ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS;

    struct archive *a = archive_read_new();
    archive_read_support_format_all(a);
@@ -48,7 +51,10 @@ int vp_extract_archive(NSString *archivePath, NSString *extractionPath) {
            fprintf(stderr, "%s\n", archive_error_string(a));
        if (r < ARCHIVE_WARN) { ret = 1; goto cleanup; }

-        NSString *currentFile = [NSString stringWithUTF8String:archive_entry_pathname(entry)];
+        const char *entryPath = archive_entry_pathname(entry);
+        if (!entryPath) { ret = 1; goto cleanup; }
+        NSString *currentFile = [NSString stringWithUTF8String:entryPath];
+        if (!currentFile) { ret = 1; goto cleanup; }
        NSString *fullOutputPath = [extractionPath stringByAppendingPathComponent:currentFile];
        archive_entry_set_pathname(entry, fullOutputPath.fileSystemRepresentation);

--- a/scripts/vphoned/vendor/libarchive/archive.h
+++ b/scripts/vphoned/vendor/libarchive/archive.h
@@ -48,10 +48,13 @@ struct archive_entry;
 #define ARCHIVE_WARN    (-20)

 /* Extract flags */
-#define ARCHIVE_EXTRACT_TIME    0x0004
-#define ARCHIVE_EXTRACT_PERM    0x0002
-#define ARCHIVE_EXTRACT_ACL     0x0020
-#define ARCHIVE_EXTRACT_FFLAGS  0x0040
+#define ARCHIVE_EXTRACT_TIME                  0x0004
+#define ARCHIVE_EXTRACT_PERM                  0x0002
+#define ARCHIVE_EXTRACT_ACL                   0x0020
+#define ARCHIVE_EXTRACT_FFLAGS                0x0040
+#define ARCHIVE_EXTRACT_SECURE_SYMLINKS       0x0100
+#define ARCHIVE_EXTRACT_SECURE_NODOTDOT       0x0200
+#define ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS 0x10000

 /* Error string */
 const char *archive_error_string(struct archive *);