summaryrefslogtreecommitdiff
path: root/archival/unzip.c
diff options
context:
space:
mode:
authorDenys Vlasenko2015-02-10 01:30:43 +0100
committerDenys Vlasenko2015-02-10 01:30:43 +0100
commit8c06bc6ba14949d945eff0abcabab885f1ef7680 (patch)
tree438b36b8264a1b257d4fb3e6293dcda1a4ac9d35 /archival/unzip.c
parent23cfaab47de7392c1ba7d601a05fb36da3629b28 (diff)
downloadbusybox-8c06bc6ba14949d945eff0abcabab885f1ef7680.zip
busybox-8c06bc6ba14949d945eff0abcabab885f1ef7680.tar.gz
unzip: prevent attacks via malicious filenames
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'archival/unzip.c')
-rw-r--r--archival/unzip.c35
1 files changed, 24 insertions, 11 deletions
diff --git a/archival/unzip.c b/archival/unzip.c
index 38a07e2..eed2256 100644
--- a/archival/unzip.c
+++ b/archival/unzip.c
@@ -596,14 +596,18 @@ int unzip_main(int argc, char **argv)
/* Skip extra header bytes */
unzip_skip(zip_header.formatted.extra_len);
+ /* Guard against "/abspath", "/../" and similar attacks */
+ overlapping_strcpy(dst_fn, strip_unsafe_prefix(dst_fn));
+
/* Filter zip entries */
if (find_list_entry(zreject, dst_fn)
|| (zaccept && !find_list_entry(zaccept, dst_fn))
) { /* Skip entry */
i = 'n';
- } else { /* Extract entry */
- if (listing) { /* List entry */
+ } else {
+ if (listing) {
+ /* List entry */
unsigned dostime = zip_header.formatted.modtime | (zip_header.formatted.moddate << 16);
if (!verbose) {
// " Length Date Time Name\n"
@@ -639,9 +643,11 @@ int unzip_main(int argc, char **argv)
total_size += zip_header.formatted.cmpsize;
}
i = 'n';
- } else if (dst_fd == STDOUT_FILENO) { /* Extracting to STDOUT */
+ } else if (dst_fd == STDOUT_FILENO) {
+ /* Extracting to STDOUT */
i = -1;
- } else if (last_char_is(dst_fn, '/')) { /* Extract directory */
+ } else if (last_char_is(dst_fn, '/')) {
+ /* Extract directory */
if (stat(dst_fn, &stat_buf) == -1) {
if (errno != ENOENT) {
bb_perror_msg_and_die("can't stat '%s'", dst_fn);
@@ -655,22 +661,27 @@ int unzip_main(int argc, char **argv)
}
} else {
if (!S_ISDIR(stat_buf.st_mode)) {
- bb_error_msg_and_die("'%s' exists but is not directory", dst_fn);
+ bb_error_msg_and_die("'%s' exists but is not a %s",
+ dst_fn, "directory");
}
}
i = 'n';
- } else { /* Extract file */
+ } else {
+ /* Extract file */
check_file:
- if (stat(dst_fn, &stat_buf) == -1) { /* File does not exist */
+ if (stat(dst_fn, &stat_buf) == -1) {
+ /* File does not exist */
if (errno != ENOENT) {
bb_perror_msg_and_die("can't stat '%s'", dst_fn);
}
i = 'y';
- } else { /* File already exists */
+ } else {
+ /* File already exists */
if (overwrite == O_NEVER) {
i = 'n';
- } else if (S_ISREG(stat_buf.st_mode)) { /* File is regular file */
+ } else if (S_ISREG(stat_buf.st_mode)) {
+ /* File is regular file */
if (overwrite == O_ALWAYS) {
i = 'y';
} else {
@@ -678,8 +689,10 @@ int unzip_main(int argc, char **argv)
my_fgets80(key_buf);
i = key_buf[0];
}
- } else { /* File is not regular file */
- bb_error_msg_and_die("'%s' exists but is not regular file", dst_fn);
+ } else {
+ /* File is not regular file */
+ bb_error_msg_and_die("'%s' exists but is not a %s",
+ dst_fn, "regular file");
}
}
}