Bugfix: Check symlink safety relative to link name in tarfile extraction

onekey-sec · Feb 12, 2024 · 76c29fe · 76c29fe
1 parent 2ce66d6
commit 76c29fe
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/unblob/handlers/archive/_safe_tarfile.py b/unblob/handlers/archive/_safe_tarfile.py
@@ -83,9 +83,10 @@ def extract(self, tarinfo: tarfile.TarInfo, extract_root: Path):  # noqa: C901
                     "Converted to extraction relative path.",
                 )
                 tarinfo.linkname = f"./{tarinfo.linkname}"
+
             if not is_safe_path(
                 basedir=extract_root,
-                path=extract_root / tarinfo.linkname,
+                path=extract_root / Path(tarinfo.name).parent / tarinfo.linkname,
             ):
                 self.record_problem(
                     tarinfo,