fix: resolve critical vulnerability V-001

Automatically generated security fix
orbisai0security 2026-02-05 06:37:53 +00:00
parent 06fec2942b
commit e4826547f3
2 changed files with 40 additions and 0 deletions


@ -7,6 +7,7 @@ using System.Data;
using System.Diagnostics; using System.Diagnostics;
using System.IO; using System.IO;
using System.Linq; using System.Linq;
using System.Security;
using System.Text; using System.Text;
using System.Threading.Tasks; using System.Threading.Tasks;
using System.Windows.Forms; using System.Windows.Forms;
@ -221,6 +222,16 @@ namespace RevokeMsgPatcher.Forms
private void RestoreDll(string installPath) private void RestoreDll(string installPath)
{ {
string destPath = Path.Combine(installPath, "dbghelp.dll"); string destPath = Path.Combine(installPath, "dbghelp.dll");
// Validate that the path is safe and within expected directory
string normalizedDestPath = Path.GetFullPath(destPath);
string normalizedInstallPath = Path.GetFullPath(installPath);
if (!normalizedDestPath.StartsWith(normalizedInstallPath, StringComparison.OrdinalIgnoreCase))
{
throw new SecurityException("Invalid file path detected. Path traversal attempt blocked.");
}
if (File.Exists(destPath)) if (File.Exists(destPath))
{ {
File.Delete(destPath); File.Delete(destPath);
@ -295,6 +306,16 @@ namespace RevokeMsgPatcher.Forms
{ {
string fileName = "dbghelp.dll"; string fileName = "dbghelp.dll";
string destPath = Path.Combine(installPath, fileName); string destPath = Path.Combine(installPath, fileName);
// Validate that the path is safe and within expected directory
string normalizedDestPath = Path.GetFullPath(destPath);
string normalizedInstallPath = Path.GetFullPath(installPath);
if (!normalizedDestPath.StartsWith(normalizedInstallPath, StringComparison.OrdinalIgnoreCase))
{
throw new SecurityException("Invalid file path detected. Path traversal attempt blocked.");
}
if (File.Exists(destPath)) if (File.Exists(destPath))
{ {
File.Delete(destPath); File.Delete(destPath);
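Review bot: The guard added at the top of RestoreDll (the `normalizedDestPath.StartsWith(normalizedInstallPath, ...)` block) can never fail, because destPath is installPath joined with the constant "dbghelp.dll", so GetFullPath(destPath) is always a child of GetFullPath(installPath); the same holds for the identical block in the second hunk. The only trust boundary here is installPath itself, which this commit does not validate — if it originates from user-editable input (not visible here), the check belongs at that source (e.g. `Path.IsPathRooted(installPath) && Directory.Exists(installPath)`), not on a path the method builds from a literal. As written the comparison is also the unterminated-prefix form, so a base of `C:\App` would accept `C:\App2\...`; if a containment check is kept anywhere, compare against a separator-terminated base: `string baseDir = Path.GetFullPath(installPath).TrimEnd(Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar) + Path.DirectorySeparatorChar;` and `if (!normalizedDestPath.StartsWith(baseDir, StringComparison.OrdinalIgnoreCase))`. Note also that Path.GetFullPath throws ArgumentException/NotSupportedException/PathTooLongException on malformed input, so the method now fails before File.Exists with exception types other than the SecurityException the new code advertises. The method containing the second hunk starts outside the hunk, so its parameter source cannot be checked here.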


@ -193,6 +193,16 @@ namespace RevokeMsgPatcher.Model
// 解压 // 解压
string zipFileName = Path.GetFileNameWithoutExtension(downloadedFilePath); string zipFileName = Path.GetFileNameWithoutExtension(downloadedFilePath);
string extractPath = Path.Combine(Application.StartupPath, "Public/Extracted", zipFileName); string extractPath = Path.Combine(Application.StartupPath, "Public/Extracted", zipFileName);
// Validate extractPath is within expected directory
string normalizedExtractPath = Path.GetFullPath(extractPath);
string normalizedBaseExtractPath = Path.GetFullPath(Path.Combine(Application.StartupPath, "Public/Extracted"));
if (!normalizedExtractPath.StartsWith(normalizedBaseExtractPath, StringComparison.OrdinalIgnoreCase))
{
throw new System.Security.SecurityException("Invalid extract path detected. Path traversal attempt blocked.");
}
if (Directory.Exists(extractPath)) if (Directory.Exists(extractPath))
{ {
Directory.Delete(extractPath, true); Directory.Delete(extractPath, true);
@ -214,6 +224,15 @@ namespace RevokeMsgPatcher.Model
// 清理 // 清理
// Validate downloadedFilePath is within expected directory
string normalizedDownloadPath = Path.GetFullPath(downloadedFilePath);
string normalizedBaseDownloadPath = Path.GetFullPath(Path.Combine(Application.StartupPath, "Public/Download"));
if (!normalizedDownloadPath.StartsWith(normalizedBaseDownloadPath, StringComparison.OrdinalIgnoreCase))
{
throw new System.Security.SecurityException("Invalid download path detected. Path traversal attempt blocked.");
}
if (File.Exists(downloadedFilePath)) if (File.Exists(downloadedFilePath))
{ {
File.Delete(downloadedFilePath); File.Delete(downloadedFilePath);
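Review bot: The extractPath guard misses the one case that is actually reachable: zipFileName is a leaf name (GetFileNameWithoutExtension strips directories), but it can be empty (e.g. a download named `.zip`), in which case Path.Combine omits it, extractPath equals the Public/Extracted root, the StartsWith check passes, and `Directory.Delete(extractPath, true)` a few lines later removes every previous extraction. Comparing against a separator-terminated base rejects that case and the sibling-prefix case (`...\ExtractedOld`) at once: `string baseExtractDir = normalizedBaseExtractPath + Path.DirectorySeparatorChar;` then `if (!normalizedExtractPath.StartsWith(baseExtractDir, StringComparison.OrdinalIgnoreCase))`. The downloadedFilePath check in the second hunk runs only at cleanup, after the same path was already used to derive zipFileName and (presumably) to open the archive, so if that path were attacker-influenced the check comes too late and should sit before first use. Neither guard addresses Zip Slip via archive entry names, which the extraction call (outside these hunks) has to handle — confirm it uses ZipFile.ExtractToDirectory rather than building destinations from entry.FullName. The enclosing method starts and ends outside both hunks.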