wok view busybox/stuff/busybox-1.28-unsafesymlink.u @ rev 20439

php-common: fix extension_dir in /etc/php.ini (again)
author Pascal Bellard <pascal.bellard@slitaz.org>
date Sun Sep 09 11:31:24 2018 +0200 (2018-09-09)
parents
children
line source
1 skip unsafe_symlink_target check: avoid relative links in packages.
2 --- busybox-1.28.1/archival/libarchive/data_extract_all.c
3 +++ busybox-1.28.1/archival/libarchive/data_extract_all.c
4 @@ -198,7 +198,7 @@
5 *
6 * Untarring bug.tar would otherwise place evil.py in '/tmp'.
7 */
8 - if (!unsafe_symlink_target(file_header->link_target)) {
9 + {
10 res = symlink(file_header->link_target, dst_name);
11 if (res != 0
12 && !(archive_handle->ah_flags & ARCHIVE_EXTRACT_QUIET)
13 --- busybox-1.28.1/archival/unzip.c
14 +++ busybox-1.28.1/archival/unzip.c
15 @@ -368,7 +368,7 @@
16 target[xstate.mem_output_size] = '\0';
17 #endif
18 }
19 - if (!unsafe_symlink_target(target)) {
20 + {
21 //TODO: libbb candidate
22 if (symlink(target, dst_fn)) {
23 /* shared message */