Bugfix in create_symlink: convert destination, not source to relative…

… paths
onekey-sec · Feb 12, 2024 · 2ce66d6 · 2ce66d6
1 parent 56617a3
commit 2ce66d6
Showing 1 changed file with 15 additions and 5 deletions.
diff --git a/unblob/file_utils.py b/unblob/file_utils.py
@@ -568,11 +568,21 @@ def create_symlink(self, src: Path, dst: Path):
         """Create a symlink dst with the link/content/target src."""
         logger.debug("creating symlink", file_path=dst, link_target=src, _verbosity=3)
 
-        if src.is_absolute():
-            # convert absolute paths to dst relative paths
-            # these would point to the same path if self.root would be the real root "/"
-            # but they are relocatable
-            src = self._path_to_root(dst.parent) / chop_root(src)
+        if dst.is_absolute():
+            # If the symlink destination is absolute, we need to make it relative to the root
+            # so it can be safely created in the extraction directory.
+            # If the resulting path points to outside of the extraction directory, we skip it.
+            dst = self.root / chop_root(dst)
+            if not is_safe_path(self.root, dst):
+                self.record_problem(
+                    LinkExtractionProblem(
+                        problem="Potential path traversal through symlink",
+                        resolution="Skipped.",
+                        path=str(dst),
+                        link_path=str(src),
+                    )
+                )
+                return
 
         safe_link = self._get_checked_link(src=src, dst=dst)