From 39b180455ffcb100c4b3269bac9bf119063fd38c Mon Sep 17 00:00:00 2001
From: root
Date: Fri, 6 Sep 2024 16:32:43 +0800
Subject: [PATCH] CVE-2021-38291
---
 3rdparty/libzipplugin/libzipplugin.cpp | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/3rdparty/libzipplugin/libzipplugin.cpp b/3rdparty/libzipplugin/libzipplugin.cpp
index 280378f..b9cab7f 100644
--- a/3rdparty/libzipplugin/libzipplugin.cpp
+++ b/3rdparty/libzipplugin/libzipplugin.cpp
@@ -741,6 +741,11 @@ ErrorType LibzipPlugin::extractEntry(zip_t *archive, zip_int64_t index, const Ex
 }
 strFileName = m_common->trans2uft8(statBuffer.name, m_mapFileCode[index]); // 解压文件名(压缩包中)
+ //fix 232873
+ if(strFileName.indexOf("../") != -1) {
+ qInfo() << "skipped ../ path component(s) in " << strFileName;
+ strFileName = strFileName.replace("../", "");
+ }
 QString strOriginName = strFileName; // 针对文件夹名称过长的情况,直接提示解压失败,文件夹名称过长
-- 
2.39.3
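Review bot: The added check in `extractEntry` strips `../` with a single non-recursive `replace`, so the characters left around a removed match can join into a new `../`, and a bare `..` component or an absolute entry name is not covered at all; the result still flows into `strOriginName` and the rest of the extraction unvalidated. Rewriting the name silently can also make two different archive entries resolve to the same output file. I would fail the entry instead of rewriting it: normalise with `const QString cleaned = QDir::cleanPath(strFileName);` and reject when `cleaned == ".." || cleaned.startsWith("../") || QDir::isAbsolutePath(cleaned)`, ideally followed by a check that the final target path stays inside the destination directory. The log text says "skipped" although the entry is still extracted under the rewritten name, and `qWarning()` would suit a security-relevant event better than `qInfo()`. `extractEntry` begins and ends outside this hunk, so how the name is joined with the output directory is inferred rather than visible.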