
github.com/npm/cli.git - Unnamed repository; edit this file 'description' to name the repository.
authorisaacs <i@izs.me>2012-03-13 03:30:44 +0400
committerisaacs <i@izs.me>2012-03-13 03:31:02 +0400
commit2c05f5c3860180d7829ac507f0b42a59e8e8e5f4 (patch)
treeea9958a576fba23922bd120c689c056b3150e2cb
parent38a9453bf6fb89b1c68720389fb4d1e2fc0d91bd (diff)
Never create un-listable directories
-rw-r--r--lib/utils/tar.js9
1 files changed, 9 insertions, 0 deletions
diff --git a/lib/utils/tar.js b/lib/utils/tar.js
index 8ff2b01a6..1666325a5 100644
--- a/lib/utils/tar.js
+++ b/lib/utils/tar.js
@@ -205,6 +205,13 @@ function gunzTarPerm (tarball, tmp, dMode, fMode, uid, gid, cb) {
var fst = fs.createReadStream(tarball)
+ function extractEntry (entry) {
+ // never create things that are user-unreadable,
+ // or dirs that are user-un-listable. Only leads to headaches.
+ entry.mode = entry.mode | (entry.type === "Directory" ? dMode : fMode)
+ entry.props.mode = entry.mode
+ }
+
fst.on("error", log.er(cb, "error reading "+tarball))
fst.on("data", function OD (c) {
// detect what it is.
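Review bot: The OR in `extractEntry` only ever adds permission bits, so any bit the archive header sets beyond `dMode`/`fMode` (setuid, setgid, sticky, group or world write) is carried through to the extracted entry unchanged. The mode field comes from the tarball and is untrusted input, so consider clearing the special bits before applying the floor, for example `entry.mode = (entry.mode & 0777) | (entry.type === "Directory" ? dMode : fMode)`. Whether `tar.Extract` or a later chmod pass already masks these is not visible in this hunk, so this may be covered elsewhere. The comment's guarantee also holds only if `dMode` and `fMode` include the user read bit (and user execute for directories); those values come from the caller of `gunzTarPerm`, which starts and ends outside the hunk, so a one-line note on that assumption would help.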
@@ -219,12 +226,14 @@ function gunzTarPerm (tarball, tmp, dMode, fMode, uid, gid, cb) {
.pipe(zlib.Unzip())
.on("error", log.er(cb, "unzip error "+tarball))
.pipe(tar.Extract({ type: "Directory", path: tmp }))
+ .on("entry", extractEntry)
.on("error", log.er(cb, "untar error "+tarball))
.on("close", afterUntar)
} else if (c.toString().match(/^package\//)) {
// naked tar
fst
.pipe(tar.Extract({ type: "Directory", path: tmp }))
+ .on("entry", extractEntry)
.on("error", log.er(cb, "untar error "+tarball))
.on("close", afterUntar)
} else {