MSYS2-packages/tar/paxutils-Prevent-file-name-escape.patch
Christoph Reiter 0ebe592409 tar: backport windows specific fix
* checksums of old patches are updated since they include the cgit version
* the backports had various context conflicts, so adjust the patch
* switch to ftpmirror, ftp.gnu is not usable right now

Note that paxlib/names.c from paxutils is vendored as lib/paxnames.c in tar.
2025-10-10 21:21:40 +02:00


--- tar-1.35/lib/paxnames.c.orig 2023-05-18 07:34:00.000000000 +0200
+++ tar-1.35/lib/paxnames.c 2025-10-10 12:49:36.700734800 +0200
@@ -90,50 +81,45 @@
|| (prefix_table[1] && hash_get_n_entries (prefix_table[1]) != 0);
}
-/* Return a safer suffix of FILE_NAME, or "." if it has no safer
- suffix. Check for fully specified file names and other atrocities.
- Warn the user if we do not return NAME. If LINK_TARGET is 1,
+/* Return a safer suffix of FILE_NAME, or "." if it has no safer suffix.
+ Skip any sequence of prefixes each of which would cause
+ the file name to escape the working directory on this platform.
+ Warn the user if we do not return NAME. If LINK_TARGET,
FILE_NAME is the target of a hard link, not a member name.
- If ABSOLUTE_NAMES is 0, strip filesystem prefix from the file name. */
+ However, if ABSOLUTE_NAMES, do not skip prefixes, but instead
+ return FILE_NAME if nonempty, "." otherwise. */
char *
safer_name_suffix (char const *file_name, bool link_target,
bool absolute_names)
{
- char const *p;
+ char const *p = file_name;
- if (absolute_names)
- p = file_name;
- else
+ if (!absolute_names)
{
- /* Skip file system prefixes, leading file name components that contain
- "..", and leading slashes. */
-
- size_t prefix_len = FILE_SYSTEM_PREFIX_LEN (file_name);
-
- for (p = file_name + prefix_len; *p; )
+ /* Skip any sequences of prefixes each of which would cause the
+ resulting file name to escape the working directory on this platform.
+ The resulting file name is relative, not absolute. */
+ for (;;)
{
- if (p[0] == '.' && p[1] == '.' && (ISSLASH (p[2]) || !p[2]))
- prefix_len = p + 2 - file_name;
-
- do
+ if (ISSLASH (*p))
+ p++;
+ else if (p[0] == '.' && p[1] == '.' && (ISSLASH (p[2]) || !p[2]))
+ p += 2;
+ else
{
- char c = *p++;
- if (ISSLASH (c))
+ int prefix_len = FILE_SYSTEM_PREFIX_LEN (p);
+ if (prefix_len == 0)
break;
+ p += prefix_len;
}
- while (*p);
}
- for (p = file_name + prefix_len; ISSLASH (*p); p++)
- continue;
- prefix_len = p - file_name;
-
- if (prefix_len)
+ if (p != file_name)
{
const char *prefix;
if (hash_string_insert_prefix (&prefix_table[link_target], file_name,
- prefix_len, &prefix))
+ p - file_name, &prefix))
{
static char const *const diagnostic[] =
{
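Review bot: The rewritten loop in safer_name_suffix stops at the first ordinary component, so a `..` that appears after one (constructed example: `a/../../b`) is returned unchanged, whereas the removed loop walked every component and moved `prefix_len` past the last `..` it found. If callers are expected to reject interior `..` themselves, which this hunk does not show, state that above the loop, e.g. `/* Only leading prefixes are skipped; a ".." after an ordinary component is left for the caller to reject. */`. Separately, `int prefix_len = FILE_SYSTEM_PREFIX_LEN (p);` narrows a value the removed code held in a `size_t`; `size_t prefix_len = FILE_SYSTEM_PREFIX_LEN (p);` keeps the type consistent with the pointer arithmetic that follows. The function body continues past the end of the hunk.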