diff options
author | isaacs <i@izs.me> | 2012-03-13 03:30:44 +0400 |
---|---|---|
committer | isaacs <i@izs.me> | 2012-03-13 03:31:02 +0400 |
commit | 2c05f5c3860180d7829ac507f0b42a59e8e8e5f4 (patch) | |
tree | ea9958a576fba23922bd120c689c056b3150e2cb | |
parent | 38a9453bf6fb89b1c68720389fb4d1e2fc0d91bd (diff) |
Never create un-listable directories
-rw-r--r-- | lib/utils/tar.js | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/lib/utils/tar.js b/lib/utils/tar.js index 8ff2b01a6..1666325a5 100644 --- a/lib/utils/tar.js +++ b/lib/utils/tar.js @@ -205,6 +205,13 @@ function gunzTarPerm (tarball, tmp, dMode, fMode, uid, gid, cb) { var fst = fs.createReadStream(tarball) + function extractEntry (entry) { + // never create things that are user-unreadable, + // or dirs that are user-un-listable. Only leads to headaches. + entry.mode = entry.mode | (entry.type === "Directory" ? dMode : fMode) + entry.props.mode = entry.mode + } + fst.on("error", log.er(cb, "error reading "+tarball)) fst.on("data", function OD (c) { // detect what it is. @@ -219,12 +226,14 @@ function gunzTarPerm (tarball, tmp, dMode, fMode, uid, gid, cb) { .pipe(zlib.Unzip()) .on("error", log.er(cb, "unzip error "+tarball)) .pipe(tar.Extract({ type: "Directory", path: tmp })) + .on("entry", extractEntry) .on("error", log.er(cb, "untar error "+tarball)) .on("close", afterUntar) } else if (c.toString().match(/^package\//)) { // naked tar fst .pipe(tar.Extract({ type: "Directory", path: tmp })) + .on("entry", extractEntry) .on("error", log.er(cb, "untar error "+tarball)) .on("close", afterUntar) } else { |