1 /* vi: set sw=4 ts=4: */
3 * Licensed under GPLv2 or later, see file LICENSE in this source tree.
6 #include "bb_archive.h"
8 int FAST_FUNC unsafe_symlink_target(const char *target)
12 if (target[0] == '/') {
15 var = getenv("EXTRACT_UNSAFE_SYMLINKS");
17 if (LONE_CHAR(var, '1'))
18 return 0; /* pretend it's safe */
19 return 1; /* "UNSAFE!" */
21 bb_error_msg("skipping unsafe symlink to '%s' in archive,"
22 " set %s=1 to extract",
24 "EXTRACT_UNSAFE_SYMLINKS"
26 /* Prevent further messages */
27 setenv("EXTRACT_UNSAFE_SYMLINKS", "0", 0);
28 return 1; /* "UNSAFE!" */
33 dot = strchr(dot, '.');
35 return 0; /* safe target */
37 /* Is it a path component starting with ".."? */
39 && (dot == target || dot[-1] == '/')
40 /* Is it exactly ".."? */
41 && (dot[2] == '/' || dot[2] == '\0')
45 /* NB: it can even be trailing ".", should only add 1 */