wok diff busybox/stuff/busybox-1.28-unsafesymlink.u @ rev 20205
Up busybox (1.18.1)
author | Pascal Bellard <pascal.bellard@slitaz.org> |
---|---|
date | Tue Feb 20 18:10:43 2018 +0100 (2018-02-20) |
parents | |
children |
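--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/busybox/stuff/busybox-1.28-unsafesymlink.u Tue Feb 20 18:10:43 2018 +0100
@@ -0,0 +1,23 @@
+skip unsafe_symlink_target check: avoid relative links in packages.
+--- busybox-1.28.1/archival/libarchive/data_extract_all.c
++++ busybox-1.28.1/archival/libarchive/data_extract_all.c
+@@ -198,7 +198,7 @@
+ *
+ * Untarring bug.tar would otherwise place evil.py in '/tmp'.
+ */
+- if (!unsafe_symlink_target(file_header->link_target)) {
++ {
+ res = symlink(file_header->link_target, dst_name);
+ if (res != 0
+ && !(archive_handle->ah_flags & ARCHIVE_EXTRACT_QUIET)
+--- busybox-1.28.1/archival/unzip.c
++++ busybox-1.28.1/archival/unzip.c
+@@ -368,7 +368,7 @@
+ target[xstate.mem_output_size] = '\0';
+ #endif
+ }
+- if (!unsafe_symlink_target(target)) {
++ {
+ //TODO: libbb candidate
+ if (symlink(target, dst_fn)) {
+ /* shared message */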
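Review bot: Replacing `if (!unsafe_symlink_target(...))` with a bare `{` in both the data_extract_all.c and unzip.c hunks turns the guard off for every archive this busybox build extracts, not only SliTaz packages, so tar and unzip will again create symlinks with absolute or `..` targets taken from untrusted input; the comment kept just above the first change ("Untarring bug.tar would otherwise place evil.py in '/tmp'") now describes behaviour the code no longer prevents. If the aim is only to let package extraction keep its links, a narrower option is to leave the check compiled in and opt out where the archive is trusted: as far as I recall, `unsafe_symlink_target()` in 1.28.x honours `EXTRACT_UNSAFE_SYMLINKS=1` in the environment, which the package tools could set for their own tar calls (worth confirming against libbb in this tree). If the patch stays, the one-line patch header should at least say that the check is removed deliberately and that extracting untrusted archives with this build is unsafe. Both enclosing functions start and end outside the hunks shown.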