svn commit: trunk/busybox/archival/libunarchive

vda at busybox.net vda at busybox.net
Sun Nov 26 15:42:04 UTC 2006


Author: vda
Date: 2006-11-26 07:42:03 -0800 (Sun, 26 Nov 2006)
New Revision: 16672

Log:
tar: refuse to untar files with "/../" components


Modified:
   trunk/busybox/archival/libunarchive/get_header_tar.c


Changeset:
Modified: trunk/busybox/archival/libunarchive/get_header_tar.c
===================================================================
--- trunk/busybox/archival/libunarchive/get_header_tar.c	2006-11-26 01:46:59 UTC (rev 16671)
+++ trunk/busybox/archival/libunarchive/get_header_tar.c	2006-11-26 15:42:03 UTC (rev 16672)
@@ -157,7 +157,6 @@
 			file_header->name = concat_path_file(tar.prefix, tar.name);
 		} else
 			file_header->name = xstrdup(tar.name);
-		/* FIXME: add check for /../ attacks */
 	}
 
 	/* Set bits 12-15 of the files mode */
@@ -244,6 +243,12 @@
 		linkname = NULL;
 	}
 #endif
+	if (!strncmp(file_header->name, "/../"+1, 3)
+	 || strstr(file_header->name, "/../")
+	) {
+		bb_error_msg_and_die("name with '..' encountered: '%s'",
+				file_header->name);
+	}
 
 	/* Strip trailing '/' in directories */
 	/* Must be done after mode is set as '/' is used to check if its a directory */
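Review bot: The new guard rejects names beginning with `../` or containing `/../`, but a name that is exactly `..` or ends in `/..` passes both tests, because the first needs three matching bytes and the second needs a slash after the dots; an entry named `..` could then have its mode or ownership applied to the parent directory, depending on how directory entries are handled later in this function. Absolute names with a leading `/` are not rejected here either, so unless the leading slash is stripped elsewhere, extraction is still not confined to the working directory. Only `file_header->name` is checked; the `linkname` visible just above, if it becomes a symlink target, is not covered by this test. The `"/../"+1` idiom reads more clearly as the literal, `if (!strncmp(file_header->name, "../", 3)`. The enclosing function starts and ends outside the hunk.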



