fix: resolve critical vulnerability V-001

Automatically generated security fix
orbisai0security 2026-02-05 06:37:53 +00:00
parent 06fec2942b
commit e4826547f3
2 changed files with 40 additions and 0 deletions


@ -7,6 +7,7 @@ using System.Data;
using System.Diagnostics;
using System.IO;
using System.Linq;
using System.Security;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
@ -221,6 +222,16 @@ namespace RevokeMsgPatcher.Forms
private void RestoreDll(string installPath)
{
string destPath = Path.Combine(installPath, "dbghelp.dll");
// Validate that the path is safe and within expected directory
string normalizedDestPath = Path.GetFullPath(destPath);
string normalizedInstallPath = Path.GetFullPath(installPath);
if (!normalizedDestPath.StartsWith(normalizedInstallPath, StringComparison.OrdinalIgnoreCase))
{
throw new SecurityException("Invalid file path detected. Path traversal attempt blocked.");
}
if (File.Exists(destPath))
{
File.Delete(destPath);
@ -295,6 +306,16 @@ namespace RevokeMsgPatcher.Forms
{
string fileName = "dbghelp.dll";
string destPath = Path.Combine(installPath, fileName);
// Validate that the path is safe and within expected directory
string normalizedDestPath = Path.GetFullPath(destPath);
string normalizedInstallPath = Path.GetFullPath(installPath);
if (!normalizedDestPath.StartsWith(normalizedInstallPath, StringComparison.OrdinalIgnoreCase))
{
throw new SecurityException("Invalid file path detected. Path traversal attempt blocked.");
}
if (File.Exists(destPath))
{
File.Delete(destPath);
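Review bot: The guard at `if (!normalizedDestPath.StartsWith(normalizedInstallPath, StringComparison.OrdinalIgnoreCase))` cannot fail in practice, because `destPath` is `Path.Combine(installPath, "dbghelp.dll")`, so `Path.GetFullPath(destPath)` always begins with `Path.GetFullPath(installPath)` for any resolvable installPath; the check adds no protection while its message claims a traversal attempt was blocked. If `installPath` is the value that is not trusted, it has to be compared against a trusted root that is not derived from it, and that comparison needs a directory-separator boundary, since a bare `StartsWith` also accepts a sibling directory whose name merely begins with the root (constructed example: root `C:\App` accepts `C:\AppOther\dbghelp.dll`). The same shape is repeated in the second hunk of this file (`RevokeMsgPatcher.Forms`, `fileName = "dbghelp.dll"`) and in both hunks of the `RevokeMsgPatcher.Model` file, where the base paths are at least independent of the input but the separator boundary is still missing. At minimum, normalize the root with a trailing separator before comparing: `string rootPrefix = normalizedInstallPath.TrimEnd(Path.DirectorySeparatorChar) + Path.DirectorySeparatorChar;` and test `normalizedDestPath.StartsWith(rootPrefix, StringComparison.OrdinalIgnoreCase)`. The body of RestoreDll continues outside the hunk, so whether installPath was validated by the caller is not visible here.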


@ -193,6 +193,16 @@ namespace RevokeMsgPatcher.Model
// 解压
string zipFileName = Path.GetFileNameWithoutExtension(downloadedFilePath);
string extractPath = Path.Combine(Application.StartupPath, "Public/Extracted", zipFileName);
// Validate extractPath is within expected directory
string normalizedExtractPath = Path.GetFullPath(extractPath);
string normalizedBaseExtractPath = Path.GetFullPath(Path.Combine(Application.StartupPath, "Public/Extracted"));
if (!normalizedExtractPath.StartsWith(normalizedBaseExtractPath, StringComparison.OrdinalIgnoreCase))
{
throw new System.Security.SecurityException("Invalid extract path detected. Path traversal attempt blocked.");
}
if (Directory.Exists(extractPath))
{
Directory.Delete(extractPath, true);
@ -214,6 +224,15 @@ namespace RevokeMsgPatcher.Model
// 清理
// Validate downloadedFilePath is within expected directory
string normalizedDownloadPath = Path.GetFullPath(downloadedFilePath);
string normalizedBaseDownloadPath = Path.GetFullPath(Path.Combine(Application.StartupPath, "Public/Download"));
if (!normalizedDownloadPath.StartsWith(normalizedBaseDownloadPath, StringComparison.OrdinalIgnoreCase))
{
throw new System.Security.SecurityException("Invalid download path detected. Path traversal attempt blocked.");
}
if (File.Exists(downloadedFilePath))
{
File.Delete(downloadedFilePath);