unzip: prevent attacks via malicious filenames

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
author: Denys Vlasenko <vda.linux@googlemail.com> 2015-02-10 01:30:43 +0100
committer: Denys Vlasenko <vda.linux@googlemail.com> 2015-02-10 01:30:43 +0100
commit: 8c06bc6ba14949d945eff0abcabab885f1ef7680 (patch)
tree: 438b36b8264a1b257d4fb3e6293dcda1a4ac9d35 /archival/libarchive/get_header_tar.c
parent: 23cfaab47de7392c1ba7d601a05fb36da3629b28 (diff)
download: busybox-8c06bc6ba14949d945eff0abcabab885f1ef7680.tar.gz
1 files changed, 0 insertions, 30 deletions
diff --git a/archival/libarchive/get_header_tar.c b/archival/libarchive/get_header_tar.c
index ba43bb073..0c663fbd7 100644
--- a/archival/libarchive/get_header_tar.c
+++ b/archival/libarchive/get_header_tar.c
@@ -17,36 +17,6 @@
 typedef uint32_t aliased_uint32_t FIX_ALIASING;
 typedef off_t    aliased_off_t    FIX_ALIASING;
 
-
-const char* FAST_FUNC strip_unsafe_prefix(const char *str)
-{
-	const char *cp = str;
-	while (1) {
-		char *cp2;
-		if (*cp == '/') {
-			cp++;
-			continue;
-		}
-		if (strncmp(cp, "/../"+1, 3) == 0) {
-			cp += 3;
-			continue;
-		}
-		cp2 = strstr(cp, "/../");
-		if (!cp2)
-			break;
-		cp = cp2 + 4;
-	}
-	if (cp != str) {
-		static smallint warned = 0;
-		if (!warned) {
-			warned = 1;
-			bb_error_msg("removing leading '%.*s' from member names",
-				(int)(cp - str), str);
-		}
-	}
-	return cp;
-}
-
 /* NB: _DESTROYS_ str[len] character! */
 static unsigned long long getOctal(char *str, int len)
 {
author	Denys Vlasenko <vda.linux@googlemail.com>	2015-02-10 01:30:43 +0100
committer	Denys Vlasenko <vda.linux@googlemail.com>	2015-02-10 01:30:43 +0100
commit	8c06bc6ba14949d945eff0abcabab885f1ef7680 (patch)
tree	438b36b8264a1b257d4fb3e6293dcda1a4ac9d35 /archival/libarchive/get_header_tar.c
parent	23cfaab47de7392c1ba7d601a05fb36da3629b28 (diff)
download	busybox-8c06bc6ba14949d945eff0abcabab885f1ef7680.tar.gz