Overview

File CVE-2022-4510.patch of Package binwalk

Index: src/binwalk/plugins/unpfs.py
===================================================================
--- src/binwalk/plugins/unpfs.py.orig	2021-09-10 19:46:40.000000000 +0200
+++ src/binwalk/plugins/unpfs.py	2023-01-30 10:17:15.441077931 +0100
@@ -104,7 +104,7 @@ class PFSExtractor(binwalk.core.plugin.P
                 data = binwalk.core.common.BlockFile(fname, 'rb')
                 data.seek(fs.get_end_of_meta_data())
                 for entry in fs.entries():
-                    outfile_path = os.path.join(out_dir, entry.fname)
+                    outfile_path = os.path.abspath(os.path.join(out_dir, entry.fname))
                     if not outfile_path.startswith(out_dir):
                         binwalk.core.common.warning("Unpfs extractor detected directory traversal attempt for file: '%s'. Refusing to extract." % outfile_path)
                     else:
openSUSE Build Service is sponsored by
Places