Both patches work

Thanks

Nick

On Tue, Oct 02, 2007 at 12:56:59AM +0300, Sergey Poznyakoff wrote:
> Nicholas Cole <[EMAIL PROTECTED]> wrote:
>
> > This patch causes tar to strip leading / from rename codes during
> > creation. Can you also patch tar to strip leading / from rename
> > codes during extraction? This would prevent odd behavior when
> > extracting an archive created with an unpatched version of tar and
> > prevent malicious use of rename codes
>
> Yes, this is reasonable. Here is a patch.
>
> Regards,
> Sergey
>
> Index: src/incremen.c > =================================================================== > RCS file: /cvsroot/tar/tar/src/incremen.c,v > retrieving revision 1.58 > diff -p -u -r1.58 incremen.c > --- src/incremen.c 29 Sep 2007 00:47:59 -0000 1.58 > +++ src/incremen.c 1 Oct 2007 21:54:17 -0000 > @@ -1410,6 +1410,19 @@ try_purge_directory (char const *directo > arc += strlen (arc) + 1; > dst = arc + 1; > > + /* Ensure that neither source nor destination are absolute file > + names (unless permitted by -P option), and that they do not > + contain dubious parts (e.g. ../). > + > + This is an extra safety precaution. Besides, it might be > + necessary to extract from archives created with tar versions > + prior to 1.19. */ > + > + if (*src) > + src = safer_name_suffix (src, false, absolute_names_option); > + if (*dst) > + dst = safer_name_suffix (dst, false, absolute_names_option); > + >  if (*src == 0) > src = temp_stub; > else if (*dst == 0)
>

--
Nicholas Cole [EMAIL PROTECTED]
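Review bot: the sanitised names flow straight into the `if (*src == 0)` / `else if (*dst == 0)` tests that follow the added block, and those tests treat an empty string as the marker for temp_stub, so the two new safer_name_suffix calls must never reduce a non-empty name to an empty one. Please confirm what safer_name_suffix returns when the whole name is stripped (for example a rename code whose source or destination is just "/"), and state that in the new comment; if an empty result is possible, the entry should be rejected at that point instead of being silently handled as the temporary stub. The comment could also say that the `if (*src)` and `if (*dst)` guards exist to leave an already-empty name untouched, since that is the reason the calls are conditional and it is not obvious from the hunk alone.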
