diff options
Diffstat (limited to 'archival')
| -rw-r--r-- | archival/libarchive/get_header_tar.c | 51 | ||||
| -rw-r--r-- | archival/tar.c | 13 |
2 files changed, 32 insertions, 32 deletions
diff --git a/archival/libarchive/get_header_tar.c b/archival/libarchive/get_header_tar.c index 6a1532c86..f73cd338e 100644 --- a/archival/libarchive/get_header_tar.c +++ b/archival/libarchive/get_header_tar.c | |||
| @@ -18,6 +18,35 @@ typedef uint32_t aliased_uint32_t FIX_ALIASING; | |||
| 18 | typedef off_t aliased_off_t FIX_ALIASING; | 18 | typedef off_t aliased_off_t FIX_ALIASING; |
| 19 | 19 | ||
| 20 | 20 | ||
| 21 | const char* FAST_FUNC strip_unsafe_prefix(const char *str) | ||
| 22 | { | ||
| 23 | const char *cp = str; | ||
| 24 | while (1) { | ||
| 25 | char *cp2; | ||
| 26 | if (*cp == '/') { | ||
| 27 | cp++; | ||
| 28 | continue; | ||
| 29 | } | ||
| 30 | if (strncmp(cp, "/../"+1, 3) == 0) { | ||
| 31 | cp += 3; | ||
| 32 | continue; | ||
| 33 | } | ||
| 34 | cp2 = strstr(cp, "/../"); | ||
| 35 | if (!cp2) | ||
| 36 | break; | ||
| 37 | cp = cp2 + 4; | ||
| 38 | } | ||
| 39 | if (cp != str) { | ||
| 40 | static smallint warned = 0; | ||
| 41 | if (!warned) { | ||
| 42 | warned = 1; | ||
| 43 | bb_error_msg("removing leading '%.*s' from member names", | ||
| 44 | (int)(cp - str), str); | ||
| 45 | } | ||
| 46 | } | ||
| 47 | return cp; | ||
| 48 | } | ||
| 49 | |||
| 21 | /* NB: _DESTROYS_ str[len] character! */ | 50 | /* NB: _DESTROYS_ str[len] character! */ |
| 22 | static unsigned long long getOctal(char *str, int len) | 51 | static unsigned long long getOctal(char *str, int len) |
| 23 | { | 52 | { |
| @@ -424,27 +453,7 @@ char FAST_FUNC get_header_tar(archive_handle_t *archive_handle) | |||
| 424 | #endif | 453 | #endif |
| 425 | 454 | ||
| 426 | /* Everything up to and including last ".." component is stripped */ | 455 | /* Everything up to and including last ".." component is stripped */ |
| 427 | cp = file_header->name; | 456 | overlapping_strcpy(file_header->name, strip_unsafe_prefix(file_header->name)); |
| 428 | while (1) { | ||
| 429 | char *cp2; | ||
| 430 | if (strncmp(cp, "/../"+1, 3) == 0) { | ||
| 431 | cp += 3; | ||
| 432 | continue; | ||
| 433 | } | ||
| 434 | cp2 = strstr(cp, "/../"); | ||
| 435 | if (cp2) { | ||
| 436 | cp = cp2 + 4; | ||
| 437 | continue; | ||
| 438 | } | ||
| 439 | break; | ||
| 440 | } | ||
| 441 | if (cp != file_header->name) { | ||
| 442 | if (!(archive_handle->ah_flags & ARCHIVE_TAR__TRUNC_WARNED)) { | ||
| 443 | archive_handle->ah_flags |= ARCHIVE_TAR__TRUNC_WARNED; | ||
| 444 | bb_error_msg("removing leading '%.*s'", (int)(cp - file_header->name), file_header->name); | ||
| 445 | } | ||
| 446 | overlapping_strcpy(file_header->name, cp); | ||
| 447 | } | ||
| 448 | 457 | ||
| 449 | /* Strip trailing '/' in directories */ | 458 | /* Strip trailing '/' in directories */ |
| 450 | /* Must be done after mode is set as '/' is used to check if it's a directory */ | 459 | /* Must be done after mode is set as '/' is used to check if it's a directory */ |
diff --git a/archival/tar.c b/archival/tar.c index 1e3cecf44..d43c8dee3 100644 --- a/archival/tar.c +++ b/archival/tar.c | |||
| @@ -397,17 +397,8 @@ static int FAST_FUNC writeFileToTarball(const char *fileName, struct stat *statb | |||
| 397 | 397 | ||
| 398 | DBG("writeFileToTarball('%s')", fileName); | 398 | DBG("writeFileToTarball('%s')", fileName); |
| 399 | 399 | ||
| 400 | /* Strip leading '/' (must be before memorizing hardlink's name) */ | 400 | /* Strip leading '/' and such (must be before memorizing hardlink's name) */ |
| 401 | header_name = fileName; | 401 | header_name = strip_unsafe_prefix(fileName); |
| 402 | while (header_name[0] == '/') { | ||
| 403 | static smallint warned; | ||
| 404 | |||
| 405 | if (!warned) { | ||
| 406 | bb_error_msg("removing leading '/' from member names"); | ||
| 407 | warned = 1; | ||
| 408 | } | ||
| 409 | header_name++; | ||
| 410 | } | ||
| 411 | 402 | ||
| 412 | if (header_name[0] == '\0') | 403 | if (header_name[0] == '\0') |
| 413 | return TRUE; | 404 | return TRUE; |