From c1660fea6da93f4f8aacf0a9a65c2880ac58209a Mon Sep 17 00:00:00 2001
From: Denis Vlasenko
Date: Sun, 26 Nov 2006 15:42:03 +0000
Subject: tar: refuse to untar files with "/../" components
---
 archival/libunarchive/get_header_tar.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/archival/libunarchive/get_header_tar.c b/archival/libunarchive/get_header_tar.c
index 583f6f811..66c3314a1 100644
--- a/archival/libunarchive/get_header_tar.c
+++ b/archival/libunarchive/get_header_tar.c
@@ -157,7 +157,6 @@ char get_header_tar(archive_handle_t *archive_handle)
 file_header->name = concat_path_file(tar.prefix, tar.name);
 } else
 file_header->name = xstrdup(tar.name);
- /* FIXME: add check for /../ attacks */
 }
 /* Set bits 12-15 of the files mode */
@@ -244,6 +243,12 @@ char get_header_tar(archive_handle_t *archive_handle)
 linkname = NULL;
 }
 #endif
+ if (!strncmp(file_header->name, "/../"+1, 3) || strstr(file_header->name, "/../") ) {
+ bb_error_msg_and_die("name with '..' encountered: '%s'", file_header->name);
+ }
 /* Strip trailing '/' in directories */
 /* Must be done after mode is set as '/' is used to check if its a directory */
--
cgit v1.2.3
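Review bot: The new check in the second hunk validates only `file_header->name`; the link target handled just above it (`linkname`) is not inspected, and a name that is exactly `..` or ends in `/..` without a trailing slash passes both `strncmp(…, "../", 3)` and `strstr(…, "/../")`. Adding `|| strcmp(file_header->name, "..") == 0` and a test that the last three bytes are not `/..` (when the name is at least three bytes long) closes the latter gap; whether link targets need the same treatment depends on how they are consumed later, which is outside this hunk. A name beginning with `/` is also not rejected here, so this relies on a leading-slash strip being performed elsewhere, which I cannot confirm from the diff. The `"/../"+1` idiom reads as a trick; writing the literal `"../"` with a comment such as `/* reject names starting with "../" or containing "/../" */` states the intent directly. get_header_tar() starts before this hunk and continues after it.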