diff options
| author | Rob Landley <rob@landley.net> | 2019-10-27 15:24:50 -0500 |
|---|---|---|
| committer | Rob Landley <rob@landley.net> | 2019-10-27 15:24:50 -0500 |
| commit | b30fd4cb656d7a98c12f63fbb225db4e2cb3a776 (patch) | |
| tree | b03194ce8179682989e5d589e6937e5cbf696ea2 /toys/posix | |
| parent | 01f18c4c6ee68cbd58944e21d1fe36991315a889 (diff) | |
| download | toybox-b30fd4cb656d7a98c12f63fbb225db4e2cb3a776.tar.gz | |
Tar extract should delete files or symlinks where it's making a directory,
but --restrict checking should run on the path up to the last component
before unlinking so tar can't be tricked into deleting random files off
the system.
Diffstat (limited to 'toys/posix')
| -rw-r--r-- | toys/posix/tar.c | 21 |
1 files changed, 14 insertions, 7 deletions
diff --git a/toys/posix/tar.c b/toys/posix/tar.c index 78ff9a1e..ff129819 100644 --- a/toys/posix/tar.c +++ b/toys/posix/tar.c @@ -386,25 +386,32 @@ static void wsettime(char *s, long long sec) } // Do pending directory utimes(), NULL to flush all. -static int dirflush(char *name) +static int dirflush(char *name, int isdir) { char *s = 0, *ss; // Barf if name not in TT.cwd if (name) { - ss = s = xabspath(name, -1); - if (TT.cwd[1] && (!strstart(&ss, TT.cwd) || *ss!='/')) { - error_msg("'%s' not under '%s'", name, TT.cwd); + if (!(ss = s = xabspath(name, -1-isdir))) { + error_msg("'%s' bad symlink", name); + + return 1; + } + if (TT.cwd[1] && (!strstart(&ss, TT.cwd) || (*ss && *ss!='/'))) { + error_msg("'%s' %s not under '%s'", name, s, TT.cwd); free(s); return 1; } + // --restrict means first entry extracted is what everything must be under if (FLAG(restrict)) { free(TT.cwd); TT.cwd = strdup(s); toys.optflags ^= FLAG_restrict; } + // use resolved name so trailing / is stripped + if (isdir) unlink(s); } // Set deferred utimes() for directories this file isn't under. @@ -467,14 +474,14 @@ static void extract_to_disk(void) char *name = TT.hdr.name; int ala = TT.hdr.mode; - if (dirflush(name)) { + if (dirflush(name, S_ISDIR(ala))) { if (S_ISREG(ala) && !TT.hdr.link_target) skippy(TT.hdr.size); return; } // create path before file if necessary - if (strrchr(name, '/') && mkpath(name) && errno !=EEXIST) + if (strrchr(name, '/') && mkpath(name) && errno!=EEXIST) return perror_msg(":%s: can't mkdir", name); // remove old file, if exists @@ -895,7 +902,7 @@ void tar_main(void) } unpack_tar(hdr); - dirflush(0); + dirflush(0, 0); // Each time a TT.incl entry is seen it's moved to the end of the list, // with TT.seen pointing to first seen list entry. Anything between |