Summary
mcpb unpack decompresses an entire archive into memory with no size limit (unzipSync(originalContent)), and trusts the ZIP central-directory entry count without bound. A small, highly compressible .mcpb (a zip bomb) can exhaust memory and crash the process — a reliable local DoS, and a footgun for any tooling that wraps unpackExtension server-side.
Mechanism
src/cli/unpack.ts:92 — unzipSync inflates the whole archive at once with no per-entry or aggregate cap. The central-directory entry count (unpack.ts:62) is also trusted without bound. No size guard exists anywhere in src/cli/ or src/node/files.ts.
Severity
Medium — local CLI with an attacker-supplied bundle; the outcome is an OOM crash rather than RCE. (Not executed, to avoid allocating gigabytes; the mechanism is verified by inspection: there is no size guard on the read, the decompress, or the entry loop.)
Suggested fix
Enforce a maximum uncompressed-size budget. fflate exposes streaming unzip/Unzip with per-file ondata callbacks; track cumulative bytes across all entries and abort past a configurable threshold (e.g. a few hundred MB by default). At minimum, cap the trusted central-directory entry count and reject archives whose declared uncompressed size exceeds a limit. Note that the declared sizes in the central directory are attacker-controlled too, so that check is only a cheap pre-filter: the cap on bytes actually produced by the inflater is what bounds memory.
Environment: current main (70fe3b3).