tar: refuse to untar files with "/../" components
authorDenis Vlasenko <vda.linux@googlemail.com>
Sun, 26 Nov 2006 15:42:03 +0000 (15:42 -0000)
committerDenis Vlasenko <vda.linux@googlemail.com>
Sun, 26 Nov 2006 15:42:03 +0000 (15:42 -0000)
archival/libunarchive/get_header_tar.c

index 583f6f81175852b911a32f02e98ffb671921d0ac..66c3314a1f84fe5fdf96c10f8b7fb3eed49c1e82 100644 (file)
@@ -157,7 +157,6 @@ char get_header_tar(archive_handle_t *archive_handle)
                        file_header->name = concat_path_file(tar.prefix, tar.name);
                } else
                        file_header->name = xstrdup(tar.name);
-               /* FIXME: add check for /../ attacks */
        }
 
        /* Set bits 12-15 of the files mode */
@@ -244,6 +243,12 @@ char get_header_tar(archive_handle_t *archive_handle)
                linkname = NULL;
        }
 #endif
+       if (!strncmp(file_header->name, "/../"+1, 3)
+        || strstr(file_header->name, "/../")
+       ) {
+               bb_error_msg_and_die("name with '..' encountered: '%s'",
+                               file_header->name);
+       }
 
        /* Strip trailing '/' in directories */
        /* Must be done after mode is set as '/' is used to check if its a directory */
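Review bot: The new check still admits a name whose last component is `..` — a bare `..` or anything ending in `/..` — because `strstr(name, "/../")` needs the trailing slash and the `strncmp` only covers a leading `../`; such an entry presumably still reaches the create/metadata steps later in extraction, where `..` alone would resolve to the parent of the extraction directory, so two more conditions (below) are worth adding. `"/../"+1` is also hard to read; if the `+1` is there to share the literal with the `strstr` call, a short comment saying so would help, otherwise the plain `"../"` is clearer. The link target assigned just above (`linkname`) gets no equivalent check; whether that matters depends on how the extractor handles links, which is outside this hunk, so it should be confirmed rather than assumed. get_header_tar starts and ends outside this hunk.
```c
	/* … unchanged: linkname handling above … */
	{
		size_t len = strlen(file_header->name);
		/* reject "..", "../x", "x/../y" and "x/.." alike */
		if (strcmp(file_header->name, "..") == 0
		 || strncmp(file_header->name, "../", 3) == 0
		 || strstr(file_header->name, "/../")
		 || (len >= 3 && strcmp(file_header->name + len - 3, "/..") == 0)
		) {
			bb_error_msg_and_die("name with '..' encountered: '%s'",
					file_header->name);
		}
	}
	/* … unchanged: trailing '/' stripping below … */
```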