Updated unpfs extractor to create unique output directories in the event of…

Updated unpfs extractor to create unique output directories in the event of multiple PFS images inside the same file; added directory traversal check.

Updated unpfs extractor to create unique output directories in the event of…
Updated unpfs extractor to create unique output directories in the event of multiple PFS images inside the same file; added directory traversal check.
58d1d92e · Craig Heffner · f87bcc64 · 58d1d92e
Commit 58d1d92e authored Sep 22, 2017 by Craig Heffner
Show whitespace changes
Inline Side-by-side

Showing with 12 additions and 6 deletions

unpfs.py src/binwalk/plugins/unpfs.py +12 -6

No files found.
--- a/src/binwalk/plugins/unpfs.py
+++ b/src/binwalk/plugins/unpfs.py
 import os
 import errno
 import struct
-import binwalk.core.plugin
+import binwalk.core.common
 import binwalk.core.compat
-from binwalk.core.common import BlockFile as open
+import binwalk.core.plugin
 class PFSCommon(object):
@@ -23,7 +23,7 @@ class PFS(PFSCommon):
    def __init__(self, fname, endianess='<'):
        self.endianess = endianess
-        self.meta = open(fname, 'rb')
+        self.meta = binwalk.core.common.BlockFile(fname, 'rb')
        header = self.meta.read(self.HEADER_SIZE)
        self.file_list_start = self.meta.tell()
@@ -96,14 +96,20 @@ class PFSExtractor(binwalk.core.plugin.Plugin):
    def extractor(self, fname):
        fname = os.path.abspath(fname)
+        out_dir = binwalk.core.common.unique_file_name(os.path.join(os.path.dirname(fname), "pfs-root"))
        try:
            with PFS(fname) as fs:
                # The end of PFS meta data is the start of the actual data
-                data = open(fname, 'rb')
+                data = binwalk.core.common.BlockFile(fname, 'rb')
                data.seek(fs.get_end_of_meta_data())
                for entry in fs.entries():
-                    self._create_dir_from_fname(entry.fname)
+                    outfile_path = os.path.join(out_dir, entry.fname)
-                    outfile = open(entry.fname, 'wb')
+                    if not outfile_path.startswith(out_dir):
+                        binwalk.core.common.warning("Unpfs extractor detected directory traversal attempt for file: '%s'. Refusing to extract." % outfile_path)
+                    else:
+                        self._create_dir_from_fname(outfile_path)
+                        outfile = binwalk.core.common.BlockFile(outfile_path, 'wb')
                        outfile.write(data.read(entry.fsize))
                        outfile.close()
                data.close()