61 lines
1.3 KiB
Plaintext
61 lines
1.3 KiB
Plaintext
$OpenBSD: patch-src_lhext_c,v 1.1 2004/05/06 23:07:57 naddy Exp $
|
|
--- src/lhext.c.orig 2000-10-04 16:57:38.000000000 +0200
|
|
+++ src/lhext.c 2004-05-07 01:00:10.000000000 +0200
|
|
@@ -190,8 +190,13 @@ extract_one(afp, hdr)
|
|
q = (char *) rindex(hdr->name, '/') + 1;
|
|
}
|
|
else {
|
|
+ if (is_directory_traversal(q)) {
|
|
+ fprintf(stderr, "Possible directory traversal hack attempt in %s\n", q);
|
|
+ exit(111);
|
|
+ }
|
|
+
|
|
if (*q == '/') {
|
|
- q++;
|
|
+ while (*q == '/') { q++; }
|
|
/*
|
|
* if OSK then strip device name
|
|
*/
|
|
@@ -351,6 +356,7 @@ extract_one(afp, hdr)
|
|
}
|
|
|
|
unlink(bb1);
|
|
+ make_parent_path(bb1);
|
|
l_code = symlink(bb2, bb1);
|
|
if (l_code < 0) {
|
|
if (quiet != TRUE)
|
|
@@ -419,6 +425,33 @@ cmd_extract()
|
|
return;
|
|
}
|
|
|
|
+int
|
|
+is_directory_traversal(char *string)
|
|
+{
|
|
+ unsigned int type = 0; /* 0 = new, 1 = only dots, 2 = other chars than dots */
|
|
+ char *temp;
|
|
+
|
|
+ temp = string;
|
|
+
|
|
+ while (*temp != 0) {
|
|
+ if (temp[0] == '/') {
|
|
+ if (type == 1) { return 1; }
|
|
+ type = 0;
|
|
+ temp++;
|
|
+ continue;
|
|
+ }
|
|
+
|
|
+ if ((temp[0] == '.') && (type < 2))
|
|
+ type = 1;
|
|
+ if (temp[0] != '.')
|
|
+ type = 2;
|
|
+
|
|
+ temp++;
|
|
+ } /* while */
|
|
+
|
|
+ return (type == 1);
|
|
+}
|
|
+
|
|
/* Local Variables: */
|
|
/* mode:c */
|
|
/* tab-width:4 */
|