diff options
Diffstat (limited to 'archival/libarchive/data_extract_all.c')
| -rw-r--r-- | archival/libarchive/data_extract_all.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/archival/libarchive/data_extract_all.c b/archival/libarchive/data_extract_all.c index 049c2c156..8a69711c1 100644 --- a/archival/libarchive/data_extract_all.c +++ b/archival/libarchive/data_extract_all.c | |||
| @@ -65,6 +65,14 @@ void FAST_FUNC data_extract_all(archive_handle_t *archive_handle) | |||
| 65 | } while (--n != 0); | 65 | } while (--n != 0); |
| 66 | } | 66 | } |
| 67 | #endif | 67 | #endif |
| 68 | #if ENABLE_FEATURE_PATH_TRAVERSAL_PROTECTION | ||
| 69 | /* Strip leading "/" and up to last "/../" path component */ | ||
| 70 | dst_name = (char *)strip_unsafe_prefix(dst_name); | ||
| 71 | #endif | ||
| 72 | // ^^^ This may be a problem if some applets do need to extract absolute names. | ||
| 73 | // (Probably will need to invent ARCHIVE_ALLOW_UNSAFE_NAME flag). | ||
| 74 | // You might think that rpm needs it, but in my tests rpm's internal cpio | ||
| 75 | // archive has names like "./usr/bin/FOO", not "/usr/bin/FOO". | ||
| 68 | 76 | ||
| 69 | if (archive_handle->ah_flags & ARCHIVE_CREATE_LEADING_DIRS) { | 77 | if (archive_handle->ah_flags & ARCHIVE_CREATE_LEADING_DIRS) { |
| 70 | char *slash = strrchr(dst_name, '/'); | 78 | char *slash = strrchr(dst_name, '/'); |