Skip to content

fix(asar): path traversal (zip-slip) on extract + Pickle buffer overrun#143

Open
dchukkapalli-dev wants to merge 2 commits into
k1tbyte:masterfrom
dchukkapalli-dev:fix/asar-extraction-safety-and-process-kill
Open

fix(asar): path traversal (zip-slip) on extract + Pickle buffer overrun#143
dchukkapalli-dev wants to merge 2 commits into
k1tbyte:masterfrom
dchukkapalli-dev:fix/asar-extraction-safety-and-process-kill

Conversation

@dchukkapalli-dev

@dchukkapalli-dev dchukkapalli-dev commented Jul 13, 2026

Copy link
Copy Markdown

Summary

Fixes two code-level bugs in the AsarSharp pack/extract pipeline found by source audit (full write-ups and reproductions in #142).

Split note: the WandEnhancer.TryKillProcess fix that was originally part of this PR has been moved to its own PR so each change can be reviewed independently.

1. AsarSharp/AsarExtractor.cs — path traversal / zip-slip (major)

The extraction guard used Extensions.GetRelativePath, whose fast path strips the dest prefix without resolving .., so a crafted entry like a/../../evil bypassed the check and was written outside dest. The out-of-package symlink guard shared the weakness.

  • Added Extensions.IsPathInside, which normalises both paths with Path.GetFullPath before the containment check.
  • Used it for both the file/directory and symlink guards.

2. AsarSharp/PickleTools/Pickle.cs — payload buffer overrun (major)

Resize allocated _header.Length + newCapacity but advertised _capacityAfterHeader = newCapacity, leaving the backing array _headerSize (4) bytes short on the first growth. A serialised asar header of 4089–4092 bytes overran the buffer (ArgumentException) during packing.

  • Now allocates _headerSize + newCapacity, matching Chromium's Pickle::Resize.

Changes

  • AsarSharp/Utils/Extensions.cs — new IsPathInside helper (normalising containment check).
  • AsarSharp/AsarExtractor.cs — both traversal guards use IsPathInside.
  • AsarSharp/PickleTools/Pickle.cs — corrected Resize allocation.

All changes are minimal and localised; no public API or behaviour change beyond the fixes.

Testing

There is no automated test project for the C# solution and I don't have the WeMod runtime, so I verified by:

  • Static reasoning against each code path.
  • A standalone arithmetic/string simulation of the Pickle buffer sizing and the path-normalisation guard (results in AsarSharp: path traversal (zip-slip) on extract & Pickle buffer overrun #142). The current code overruns for header sizes 4089–4092 and lets a/../../evil escape; the patched logic handles both while leaving every other size and all legitimate paths unchanged.

Per CONTRIBUTING.md, please build the solution in your environment to confirm compilation. Happy to adjust naming/placement (e.g. the IsPathInside helper) to fit project conventions.

Fixes #142

dchukkapalli-dev and others added 2 commits July 13, 2026 19:59
AsarExtractor's path-traversal guard called Extensions.GetRelativePath,
whose fast path strips the destination prefix literally without resolving
".." segments. A crafted archive entry such as "a/../../evil" produced a
relative path that did not start with "..", so the guard passed and the
file was written outside the extraction directory once the OS resolved the
"..". The out-of-package symlink guard shared the same weakness.

Add Extensions.IsPathInside, which normalises both paths with
Path.GetFullPath before the containment check, and use it for both the
file/directory and symlink guards.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Pickle.Resize allocated the backing array as _header.Length + newCapacity
but advertised _capacityAfterHeader = newCapacity. On the first growth
_header is still empty, so the array ended up _headerSize (4) bytes short of
the header + capacity it claimed. A write that fills the payload then
overran the buffer, throwing an ArgumentException when the serialised asar
header was 4089-4092 bytes.

Allocate _headerSize + newCapacity instead, matching Chromium's
realloc(header_size_ + new_capacity).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@dchukkapalli-dev
dchukkapalli-dev force-pushed the fix/asar-extraction-safety-and-process-kill branch from 585da71 to 7d28eb7 Compare July 13, 2026 20:21
@dchukkapalli-dev dchukkapalli-dev changed the title fix: AsarSharp zip-slip + Pickle overrun; TryKillProcess retry loop fix(asar): path traversal (zip-slip) on extract + Pickle buffer overrun Jul 13, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

AsarSharp: path traversal (zip-slip) on extract & Pickle buffer overrun

1 participant