--- tar.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/tar.c b/tar.c index b1f3b27..0bd3fcf 100644 --- a/tar.c +++ b/tar.c _AT_@ -359,6 +359,27 @@ sanitize(struct header *h) } static void +sanitizepath(char *p) +{ + size_t l; + char *s; + + /* Strip leading '/' characters */ + while(*p == '/') { + l = strlen(p); + memmove(p, p+1, l - 1); + *(p + l - 1) = '\0'; + } + + /* Strip '../' from anywhere */ + while((s = strstr(p, "../")) != NULL) { + l = strlen(s); + memmove(s, s + 3, l - 3); + *(s + l - 3) = '\0'; + } +} + +static void chktar(struct header *h) { char tmp[8], *err; _AT_@ -407,6 +428,7 @@ xt(int argc, char *argv[], int (*fn)(char *, ssize_t, char[BLKSIZ])) (int)sizeof(h->prefix), h->prefix); snprintf(fname + n, sizeof(fname) - n, "%.*s", (int)sizeof(h->name), h->name); + sanitizepath(fname); if ((size = strtol(h->size, &p, 8)) < 0 || *p != '\0') eprintf("strtol %s: invalid number\n", h->size); -- 1.7.10.4 --ReaqsoxgOBHFXBhH--Received on Mon Sep 17 2001 - 00:00:00 CEST
This archive was generated by hypermail 2.3.0 : Mon Apr 27 2015 - 15:00:05 CEST