From: Brad Fitzpatrick Date: Tue, 12 Jun 2018 19:33:23 +0000 (+0000) Subject: archive/zip: warn about FileHeader.Name being unvalidated on read X-Git-Tag: go1.11beta1~108 X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=fc0e1d2b6fbcb9c27b1eed5892de62de6b1fbae6;p=gostls13.git archive/zip: warn about FileHeader.Name being unvalidated on read Updates #25849 Change-Id: I09ee928b462ab538a9d38c4e317eaeb8856919f2 Reviewed-on: https://go-review.googlesource.com/118335 Reviewed-by: Joe Tsai --- diff --git a/src/archive/zip/struct.go b/src/archive/zip/struct.go index c545c5b830..c90151d9d4 100644 --- a/src/archive/zip/struct.go +++ b/src/archive/zip/struct.go @@ -81,9 +81,17 @@ const ( // See the zip spec for details. type FileHeader struct { // Name is the name of the file. - // It must be a relative path, not start with a drive letter (e.g. C:), + // + // It must be a relative path, not start with a drive letter (such as "C:"), // and must use forward slashes instead of back slashes. A trailing slash // indicates that this file is a directory and should have no data. + // + // When reading zip files, the Name field is populated from + // the zip file directly and is not validated for correctness. + // It is the caller's responsibility to sanitize it as + // appropriate, including canonicalizing slash directions, + // validating that paths are relative, and preventing path + // traversal through filenames ("../../../"). Name string // Comment is any arbitrary user-defined string shorter than 64KiB.
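Review bot: the first paragraph of the Name doc comment ("It must be a relative path ... and must use forward slashes") still reads as an invariant the package guarantees, which the newly added paragraph then contradicts for the read path; consider scoping it explicitly to the writer side ("When writing, Name must be a relative path ...") so the two paragraphs do not appear to conflict. For the new sanitization guidance, the listed steps are order-dependent: slash directions should be canonicalized before checking that the path is relative and free of ".." components, otherwise a backslash-separated name would pass a forward-slash-only check; since the only example given is "../../../", a short note that the checks must run after canonicalization would make the guidance harder to misread.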