mirror of
https://github.com/ShareX/ShareX.git
synced 2024-09-30 01:07:21 +13:00
Restrict extraction of image effect packages to 20mb to prevent zip bomb attacks
This commit is contained in:
parent
706075a148
commit
7df4ad672f
4 changed files with 116 additions and 3 deletions
78
ShareX.HelpersLib/MaxLengthStream.cs
Normal file
78
ShareX.HelpersLib/MaxLengthStream.cs
Normal file
|
@ -0,0 +1,78 @@
|
|||
#region License Information (GPL v3)
|
||||
|
||||
/*
|
||||
ShareX - A program that allows you to take screenshots and share any file type
|
||||
Copyright (c) 2007-2020 ShareX Team
|
||||
|
||||
This program is free software; you can redistribute it and/or
|
||||
modify it under the terms of the GNU General Public License
|
||||
as published by the Free Software Foundation; either version 2
|
||||
of the License, or (at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program; if not, write to the Free Software
|
||||
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
|
||||
Optionally you can also view the license at <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
#endregion License Information (GPL v3)
|
||||
|
||||
using System;
|
||||
using System.IO;
|
||||
|
||||
namespace ShareX.HelpersLib
|
||||
{
|
||||
internal sealed class MaxLengthStream : Stream
|
||||
{
|
||||
private readonly Stream stream;
|
||||
private long length = 0L;
|
||||
|
||||
public MaxLengthStream(Stream stream, long maxLength)
|
||||
{
|
||||
this.stream = stream ?? throw new ArgumentNullException(nameof(stream));
|
||||
MaxLength = maxLength;
|
||||
}
|
||||
|
||||
public long MaxLength { get; }
|
||||
|
||||
public override bool CanRead => stream.CanRead;
|
||||
public override bool CanSeek => false;
|
||||
public override bool CanWrite => false;
|
||||
public override long Length => stream.Length;
|
||||
|
||||
public override long Position
|
||||
{
|
||||
get => stream.Position;
|
||||
set => throw new NotSupportedException();
|
||||
}
|
||||
|
||||
public override int Read(byte[] buffer, int offset, int count)
|
||||
{
|
||||
int result = stream.Read(buffer, offset, count);
|
||||
length += result;
|
||||
if (length > MaxLength)
|
||||
{
|
||||
throw new Exception("Stream is larger than the maximum allowed size.");
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
public override void Flush() => throw new NotSupportedException();
|
||||
public override long Seek(long offset, SeekOrigin origin) => throw new NotSupportedException();
|
||||
public override void SetLength(long value) => throw new NotSupportedException();
|
||||
public override void Write(byte[] buffer, int offset, int count) => throw new NotSupportedException();
|
||||
|
||||
protected override void Dispose(bool disposing)
|
||||
{
|
||||
stream.Dispose();
|
||||
base.Dispose(disposing);
|
||||
}
|
||||
}
|
||||
}
|
|
@ -150,6 +150,7 @@
|
|||
</Compile>
|
||||
<Compile Include="Helpers\JsonHelpers.cs" />
|
||||
<Compile Include="ImageFilesCache.cs" />
|
||||
<Compile Include="MaxLengthStream.cs" />
|
||||
<Compile Include="PointInfo.cs" />
|
||||
<Compile Include="Random\RandomCrypto.cs" />
|
||||
<Compile Include="Random\RandomFast.cs" />
|
||||
|
|
|
@ -27,15 +27,25 @@ You should have received a copy of the GNU General Public License
|
|||
using System.Collections.Generic;
|
||||
using System.IO;
|
||||
using System.IO.Compression;
|
||||
using System.Linq;
|
||||
|
||||
namespace ShareX.HelpersLib
|
||||
{
|
||||
public static class ZipManager
|
||||
{
|
||||
public static void Extract(string archivePath, string destination, bool retainDirectoryStructure = true, Func<ZipArchiveEntry, bool> filter = null)
|
||||
public static void Extract(string archivePath, string destination, bool retainDirectoryStructure = true, Func<ZipArchiveEntry, bool> filter = null, long maxLength = 0)
|
||||
{
|
||||
using (ZipArchive archive = ZipFile.OpenRead(archivePath))
|
||||
{
|
||||
if (maxLength > 0)
|
||||
{
|
||||
long declaredSize = archive.Entries.Sum(entry => entry.Length);
|
||||
if (declaredSize > maxLength)
|
||||
{
|
||||
throw new Exception("Archive is too big.");
|
||||
}
|
||||
}
|
||||
|
||||
string fullName = Directory.CreateDirectory(Path.GetFullPath(destination)).FullName;
|
||||
|
||||
foreach (ZipArchiveEntry entry in archive.Entries)
|
||||
|
@ -70,13 +80,37 @@ public static void Extract(string archivePath, string destination, bool retainDi
|
|||
else
|
||||
{
|
||||
Directory.CreateDirectory(Path.GetDirectoryName(fullPath));
|
||||
entry.ExtractToFile(fullPath, true);
|
||||
ExtractToFile(entry, fullPath, true);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
private static void ExtractToFile(ZipArchiveEntry source, string destinationFileName, bool overwrite)
|
||||
{
|
||||
if (source == null)
|
||||
{
|
||||
throw new ArgumentNullException(nameof(source));
|
||||
}
|
||||
|
||||
if (destinationFileName == null)
|
||||
{
|
||||
throw new ArgumentNullException(nameof(destinationFileName));
|
||||
}
|
||||
|
||||
FileMode fMode = overwrite ? FileMode.Create : FileMode.CreateNew;
|
||||
|
||||
using (FileStream fs = new FileStream(destinationFileName, fMode, FileAccess.Write, FileShare.None, bufferSize: 0x1000, useAsync: false))
|
||||
using (Stream es = source.Open())
|
||||
using (MaxLengthStream maxLengthStream = new MaxLengthStream(es, source.Length))
|
||||
{
|
||||
maxLengthStream.CopyTo(fs);
|
||||
}
|
||||
|
||||
File.SetLastWriteTime(destinationFileName, source.LastWriteTime.DateTime);
|
||||
}
|
||||
|
||||
public static void Compress(string source, string archivePath, CompressionLevel compression = CompressionLevel.Optimal)
|
||||
{
|
||||
if (File.Exists(archivePath))
|
||||
|
|
|
@ -99,7 +99,7 @@ public static string ExtractPackage(string packageFilePath, string destination)
|
|||
}
|
||||
|
||||
return false;
|
||||
});
|
||||
}, 20000000);
|
||||
}
|
||||
|
||||
return configJson;
|
||||
|
|
Loading…
Reference in a new issue