Skip to content

Commit

Permalink
PR icsharpcode#622
Browse files Browse the repository at this point in the history
  • Loading branch information
@HowToDoThis
HowToDoThis committed Aug 11, 2021
1 parent eb0c75e commit 47fc2f5
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 2 deletions.
2 changes: 1 addition & 1 deletion src/ICSharpCode.SharpZipLib/Tar/TarArchive.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -803,7 +803,7 @@ private void WriteEntryCore(TarEntry sourceEntry, bool recurse)
{
if (!IsBinary(entryFilename))
{
tempFileName = Path.GetTempFileName();
tempFileName = Path.GetRandomFileName();

using (StreamReader inStream = File.OpenText(entryFilename))
{
Expand Down
9 changes: 8 additions & 1 deletion src/ICSharpCode.SharpZipLib/Zip/WindowsNameTransform.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -133,7 +133,14 @@ public string TransformFile(string name)
{
name = Path.Combine(_baseDirectory, name);

if (!_allowParentTraversal && !Path.GetFullPath(name).StartsWith(_baseDirectory, StringComparison.InvariantCultureIgnoreCase))
// Ensure base directory ends with directory separator ('/' or '\' depending on OS)
var pathBase = Path.GetFullPath(_baseDirectory);
if (pathBase[pathBase.Length - 1] != Path.DirectorySeparatorChar)
{
pathBase += Path.DirectorySeparatorChar;
}

if (!_allowParentTraversal && !Path.GetFullPath(name).StartsWith(pathBase, StringComparison.InvariantCultureIgnoreCase))
{
throw new InvalidNameException("Parent traversal in paths is not allowed");
}
Expand Down

0 comments on commit 47fc2f5

Please sign in to comment.