std/zip.zig: perform backslash-to-forward-slash before isBadFilename() - zig - General-purpose programming language and toolchain for maintaining robust, optimal, and reusable software. https://ziglang.org

diff options

author	Frank Denis <github@pureftpd.org>	2025-08-07 23:08:14 +0200
committer	Andrew Kelley <andrew@ziglang.org>	2025-08-07 14:42:48 -0700
commit	242102f9d113fff321559c8645e79a29f0bdf70d (patch)
tree	4c0e5787b20927009789740626d618d12b2bf809 /src/codegen/c
parent	6de23100352b9c94cc8c92737687091917951df3 (diff)
download	zig-242102f9d113fff321559c8645e79a29f0bdf70d.tar.gz zig-242102f9d113fff321559c8645e79a29f0bdf70d.zip

std/zip.zig: perform backslash-to-forward-slash before isBadFilename()

Previously, when extracting a ZIP file, isBadFilename(), which is designed to reject ../ patterns to prevent directory traversal, was called before normalizing backslashes to forward slashes. This allowed path traversal sequences like ..\\..\\..\\etc\\passwd which pass validation but are then converted to ../../../etc/passwd for file extraction.

Diffstat (limited to 'src/codegen/c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: