[Bug 8411] Directory traversal via crafted tar file which contains a symlink pointing outside of the current directory
bugzilla at busybox.net
Mon Nov 9 23:21:48 UTC 2015
https://bugs.busybox.net/show_bug.cgi?id=8411
--- Comment #7 from Tyler Hicks <tyhicks at canonical.com> 2015-11-09 23:21:47 UTC ---
(In reply to comment #6)
> Created attachment 6206 [details]
> Patch for busybox 1.22.0 v4
>
> Oh, good catch.
>
> Instead of matching ".." anywhere ("..foo" is totally valid after all!), I'm
> also now just matching on a literal ".."
Something odd happened with the patch that you attached. It is base64 encoded
and, while it does contain some changes, does not contain the change to match a
lateral ".." sequence.
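
The distinction raised in the quoted comment, as an added example (this is not the attached patch and not BusyBox code): a substring match on ".." compared with a match on a path component that is exactly "..". The function names and sample targets are constructed for illustration, and reading "a literal .." as "a whole path component" is an assumption.

```c
#include <stdio.h>
#include <string.h>

/* Substring check: flags ".." anywhere, so the valid name "..foo" is rejected. */
int has_dotdot_substring(const char *path)
{
    return strstr(path, "..") != NULL;
}

/* Component check: flags only a component that is exactly "..". */
int has_dotdot_component(const char *path)
{
    const char *p = path;
    while (*p) {
        while (*p == '/')               /* skip one or more separators */
            p++;
        const char *start = p;
        while (*p && *p != '/')         /* walk to the end of this component */
            p++;
        if (p - start == 2 && start[0] == '.' && start[1] == '.')
            return 1;
    }
    return 0;
}

/* Hypothetical policy helper: a link target is treated as unsafe when it is
 * absolute or contains a ".." component (assumed policy, not the patch's). */
int symlink_target_is_unsafe(const char *target)
{
    return target[0] == '/' || has_dotdot_component(target);
}

int main(void)
{
    /* Constructed sample symlink targets. */
    const char *samples[] = { "..foo", "dir/..foo/file", "..", "a/../b",
                              "a/...", "/etc/passwd", "lib/libfoo.so.1" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-18s substring=%d component=%d unsafe=%d\n", samples[i],
               has_dotdot_substring(samples[i]),
               has_dotdot_component(samples[i]),
               symlink_target_is_unsafe(samples[i]));
    return 0;
}
```

This is a lexical check on a single link target; it does not resolve chains of links already extracted to disk.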