From 9c458883e8ecaf86c08092420d92408c70ffa7fc Mon Sep 17 00:00:00 2001
From: Roland Knall <rknall@gmail.com>
Date: Mon, 23 Mar 2026 13:11:05 +0000
Subject: [PATCH] Qt::Guard better when loading zip files

Prevent traversal attacks using maliciously created zip files

Closes #21115
AI-Assisted: no

AI-Assisted: no|yes [tool(s)]


(cherry picked from commit 70c86bd39c74fc0052c9a212afc911b41d612388)

Co-authored-by: Roland Knall <rknall@gmail.com>
---
 ui/qt/utils/wireshark_zip_helper.cpp | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/ui/qt/utils/wireshark_zip_helper.cpp b/ui/qt/utils/wireshark_zip_helper.cpp
index a295001cfcc..773cff3172b 100644
--- a/ui/qt/utils/wireshark_zip_helper.cpp
+++ b/ui/qt/utils/wireshark_zip_helper.cpp
@@ -86,6 +86,7 @@ bool WiresharkZipHelper::unzip(QString zipFile, QString directory, bool (*fileCh
         return false;
 
     QMap<QString, QString> cleanPaths;
+    QString canonicalDir = QFileInfo(di.path()).canonicalFilePath();
 
     for (unsigned int cnt = 0; cnt < nmbr; cnt++)
     {
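Review bot: `QFileInfo::canonicalFilePath()` returns an empty string when the path does not exist, and the added `canonicalDir` is never checked for that. With an empty value, the prefix built in the later hunk (`canonicalDir + "/"`) is just `"/"`, which every absolute path starts with, so the guard would accept anything. Whether the directory is guaranteed to exist at this point is not visible here, since `unzip` begins above this hunk, but the `if (di.exists())` that follows the guard suggests it may not be. I would add `if (canonicalDir.isEmpty())` straight after the assignment and fail the extraction through the function's usual error path.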
@@ -112,6 +113,13 @@ bool WiresharkZipHelper::unzip(QString zipFile, QString directory, bool (*fileCh
                 continue;
             }
 
+#ifndef _WIN32
+            /* Reject paths outside the extraction root, to prevent directory traversal attacks on Posix systems */
+            if (!QFileInfo(fileInZip).absoluteFilePath().startsWith(canonicalDir + "/")) {
+                continue;
+            }
+#endif
+
             if (di.exists())
             {
 #ifdef _WIN32
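Review bot: The guard compares two differently normalised paths: `absoluteFilePath()` on the entry against the canonical (symlink-resolved) root. Qt does not promise that the absolute form has `..` elements collapsed, and it never resolves symlinks, so an extraction directory reached through a symlink would make every entry fail the prefix test and be skipped silently. Normalising both sides the same way makes the intent explicit, e.g. `QDir::cleanPath(QFileInfo(fileInZip).absoluteFilePath())` against a root built from the same base that `fileInZip` is built from (its construction is outside this hunk). The `#ifndef _WIN32` also compiles the check out on Windows, where `..` components in an entry name traverse just the same; unless the Windows branch below already rejects them, the guard should apply there too. A debug log line before the `continue` would help when triaging a rejected archive.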
-- 
GitLab

