diff options
author | Denys Vlasenko | 2015-02-10 01:30:43 +0100 |
---|---|---|
committer | Denys Vlasenko | 2015-02-10 01:30:43 +0100 |
commit | 8c06bc6ba14949d945eff0abcabab885f1ef7680 (patch) | |
tree | 438b36b8264a1b257d4fb3e6293dcda1a4ac9d35 /archival/libarchive/get_header_tar.c | |
parent | 23cfaab47de7392c1ba7d601a05fb36da3629b28 (diff) | |
download | busybox-8c06bc6ba14949d945eff0abcabab885f1ef7680.zip busybox-8c06bc6ba14949d945eff0abcabab885f1ef7680.tar.gz |
unzip: prevent attacks via malicious filenames
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'archival/libarchive/get_header_tar.c')
-rw-r--r-- | archival/libarchive/get_header_tar.c | 30 |
1 files changed, 0 insertions, 30 deletions
diff --git a/archival/libarchive/get_header_tar.c b/archival/libarchive/get_header_tar.c index ba43bb0..0c663fb 100644 --- a/archival/libarchive/get_header_tar.c +++ b/archival/libarchive/get_header_tar.c @@ -17,36 +17,6 @@ typedef uint32_t aliased_uint32_t FIX_ALIASING; typedef off_t aliased_off_t FIX_ALIASING; - -const char* FAST_FUNC strip_unsafe_prefix(const char *str) -{ - const char *cp = str; - while (1) { - char *cp2; - if (*cp == '/') { - cp++; - continue; - } - if (strncmp(cp, "/../"+1, 3) == 0) { - cp += 3; - continue; - } - cp2 = strstr(cp, "/../"); - if (!cp2) - break; - cp = cp2 + 4; - } - if (cp != str) { - static smallint warned = 0; - if (!warned) { - warned = 1; - bb_error_msg("removing leading '%.*s' from member names", - (int)(cp - str), str); - } - } - return cp; -} - /* NB: _DESTROYS_ str[len] character! */ static unsigned long long getOctal(char *str, int len) { |