diff options
| author | Denis Vlasenko <vda.linux@googlemail.com> | 2006-11-26 18:42:03 +0300 |
|---|---|---|
| committer | Denis Vlasenko <vda.linux@googlemail.com> | 2006-11-26 18:42:03 +0300 |
| commit | c1660fea6da93f4f8aacf0a9a65c2880ac58209a (patch) | |
| tree | b9f58ac239a9fb05ed437d274e7a68fb160b60e3 /archival | |
| parent | b59633586846b08157916163c25c8aec81d4da4a (diff) | |
tar: refuse to untar files with "/../" components
Diffstat (limited to 'archival')
| -rw-r--r-- | archival/libunarchive/get_header_tar.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/archival/libunarchive/get_header_tar.c b/archival/libunarchive/get_header_tar.c index 583f6f811..66c3314a1 100644 --- a/archival/libunarchive/get_header_tar.c +++ b/archival/libunarchive/get_header_tar.c @@ -157,7 +157,6 @@ char get_header_tar(archive_handle_t *archive_handle) file_header->name = concat_path_file(tar.prefix, tar.name); } else file_header->name = xstrdup(tar.name); - /* FIXME: add check for /../ attacks */ } /* Set bits 12-15 of the files mode */ @@ -244,6 +243,12 @@ char get_header_tar(archive_handle_t *archive_handle) linkname = NULL; } #endif + if (!strncmp(file_header->name, "/../"+1, 3) + || strstr(file_header->name, "/../") + ) { + bb_error_msg_and_die("name with '..' encountered: '%s'", + file_header->name); + } /* Strip trailing '/' in directories */ /* Must be done after mode is set as '/' is used to check if its a directory */ |