[Bug 8411] Directory traversal via crafted tar file which contains a symlink pointing outside of the current directory

bugzilla at busybox.net bugzilla at busybox.net
Mon Nov 9 22:26:06 UTC 2015


https://bugs.busybox.net/show_bug.cgi?id=8411

Chris Lamb (lamby) <lamby at debian.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #6191|0                           |1
        is obsolete|                            |
   Attachment #6196|0                           |1
        is obsolete|                            |
   Attachment #6201|0                           |1
        is obsolete|                            |

--- Comment #6 from Chris Lamb (lamby) <lamby at debian.org> 2015-11-09 22:26:06 UTC ---
Created attachment 6206
  --> https://bugs.busybox.net/attachment.cgi?id=6206
Patch for busybox 1.22.0 v4

Oh, good catch.

Instead of matching ".." anywhere ("..foo" is totally valid after all!), I'm
also now just matching on a literal ".."

-- 
Configure bugmail: https://bugs.busybox.net/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


More information about the busybox-cvs mailing list