317d1a5f0a
attackers to overwrite arbitrary files durring extraction via a ".." in an extracted filename. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0399
25 lines
727 B
Plaintext
25 lines
727 B
Plaintext
$OpenBSD: patch-src_extract_c,v 1.1 2002/10/01 02:03:52 brad Exp $
|
|
--- src/extract.c.orig Mon Sep 24 14:55:17 2001
|
|
+++ src/extract.c Mon Sep 30 21:39:17 2002
|
|
@@ -1019,10 +1019,19 @@ extract_archive (void)
|
|
{
|
|
struct stat st1, st2;
|
|
int e;
|
|
+ size_t skiplinkcrud;
|
|
+
|
|
+ if (absolute_names_option)
|
|
+ skiplinkcrud = 0;
|
|
+ else {
|
|
+ skiplinkcrud = FILESYSTEM_PREFIX_LEN (current_link_name);
|
|
+ while (ISSLASH (current_link_name[skiplinkcrud]))
|
|
+ skiplinkcrud++;
|
|
+ }
|
|
|
|
/* MSDOS does not implement links. However, djgpp's link() actually
|
|
copies the file. */
|
|
- status = link (current_link_name, CURRENT_FILE_NAME);
|
|
+ status = link (current_link_name + skiplinkcrud, CURRENT_FILE_NAME);
|
|
|
|
if (status == 0)
|
|
{
|