Re: [Bug-tar] leading / included in incremental snapshot rename code
From: Sergey Poznyakoff
Subject: Re: [Bug-tar] leading / included in incremental snapshot rename code
Date: Tue, 02 Oct 2007 00:56:59 +0300
Nicholas Cole <address@hidden> wrote:
> This patch causes tar to strip leading / from rename codes during
> creation. Can you also patch tar to strip leading / from rename
> codes during extraction? This would prevent odd behavior when
> extracting an archive created with an unpatched version of tar and
> prevent malicious use of rename codes
Yes, this is reasonable. Here is a patch.
Regards,
Sergey
Index: src/incremen.c
===================================================================
RCS file: /cvsroot/tar/tar/src/incremen.c,v
retrieving revision 1.58
diff -p -u -r1.58 incremen.c
--- src/incremen.c 29 Sep 2007 00:47:59 -0000 1.58
+++ src/incremen.c 1 Oct 2007 21:54:17 -0000
@@ -1410,6 +1410,19 @@ try_purge_directory (char const *directo
arc += strlen (arc) + 1;
dst = arc + 1;
+ /* Ensure that neither source nor destination are absolute file
+ names (unless permitted by -P option), and that they do not
+ contain dubious parts (e.g. ../).
+
+ This is an extra safety precaution. Besides, it might be
+ necessary to extract from archives created with tar versions
+ prior to 1.19. */
+
+ if (*src)
+ src = safer_name_suffix (src, false, absolute_names_option);
+ if (*dst)
+ dst = safer_name_suffix (dst, false, absolute_names_option);
+
if (*src == 0)
src = temp_stub;
else if (*dst == 0)
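Review bot: In the added block just above `if (*src == 0)`, the emptiness tests that follow now see the sanitized names rather than the ones read from the archive, so if safer_name_suffix can reduce a non-empty name (for instance one consisting only of "/") to an empty string, that entry would fall into the empty-name handling (`src = temp_stub`) instead of being treated as a rename. Worth confirming the helper never returns an empty string here, or recording whether src and dst were empty before sanitizing them. In the new comment, the -P exception is worded as covering only absolute names, while absolute_names_option is passed for the whole call; say whether ../ parts are also kept under -P. Minor wording: "neither source nor destination are" should read "is".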