archive/zip: warn about FileHeader.Name being unvalidated on read

author Brad Fitzpatrick <bradfitz@golang.org>

Tue, 12 Jun 2018 19:33:23 +0000 (19:33 +0000)

committer Brad Fitzpatrick <bradfitz@golang.org>

Wed, 13 Jun 2018 21:57:41 +0000 (21:57 +0000)
author Brad Fitzpatrick <bradfitz@golang.org>
Tue, 12 Jun 2018 19:33:23 +0000 (19:33 +0000)
committer Brad Fitzpatrick <bradfitz@golang.org>
Wed, 13 Jun 2018 21:57:41 +0000 (21:57 +0000)
diff --git a/src/archive/zip/struct.go b/src/archive/zip/struct.go

index c545c5b8308e9c277244a92281ce959521909577..c90151d9d44bb1a09b7cede7dd7c3812d69ce54a 100644 (file)
--- a/src/archive/zip/struct.go
+++ b/src/archive/zip/struct.go
@@ -81,9 +81,17 @@ const (
  // See the zip spec for details.
  type FileHeader struct {
         // Name is the name of the file.
-       // It must be a relative path, not start with a drive letter (e.g. C:),
+       //
+       // It must be a relative path, not start with a drive letter (such as "C:"),
         // and must use forward slashes instead of back slashes. A trailing slash
         // indicates that this file is a directory and should have no data.
+       //
+       // When reading zip files, the Name field is populated from
+       // the zip file directly and is not validated for correctness.
+       // It is the caller's responsibility to sanitize it as
+       // appropriate, including canonicalizing slash directions,
+       // validating that paths are relative, and preventing path
+       // traversal through filenames ("../../../").
         Name string
  
         // Comment is any arbitrary user-defined string shorter than 64KiB.
author	Brad Fitzpatrick <bradfitz@golang.org>
	Tue, 12 Jun 2018 19:33:23 +0000 (19:33 +0000)
committer	Brad Fitzpatrick <bradfitz@golang.org>
	Wed, 13 Jun 2018 21:57:41 +0000 (21:57 +0000)