fix path traversal in PFS extractor script.

os.path.join does not fully resolve a path so the condition that follows will never be true. Fixed by resolving the path using os.path.abspath.
Cossack9989 · Oct 26, 2022 · 696fe34 · 696fe34
1 parent a555eb1
commit 696fe34
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/binwalk/plugins/unpfs.py b/src/binwalk/plugins/unpfs.py
@@ -104,7 +104,7 @@ def extractor(self, fname):
                 data = binwalk.core.common.BlockFile(fname, 'rb')
                 data.seek(fs.get_end_of_meta_data())
                 for entry in fs.entries():
-                    outfile_path = os.path.join(out_dir, entry.fname)
+                    outfile_path = os.path.abspath(os.path.join(out_dir, entry.fname))
                     if not outfile_path.startswith(out_dir):
                         binwalk.core.common.warning("Unpfs extractor detected directory traversal attempt for file: '%s'. Refusing to extract." % outfile_path)
                     else: