[gnome-autoar/wip/oholy/various-fixes: 20/23] Revert "AutoarExtractor: Do not extract files outside the destination dir"
- From: Ondrej Holy <oholy src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnome-autoar/wip/oholy/various-fixes: 20/23] Revert "AutoarExtractor: Do not extract files outside the destination dir"
- Date: Fri, 12 Mar 2021 15:42:21 +0000 (UTC)
commit c678fcd2e0ce7ea6893d6f1b6901bea91993ab4e
Author: Ondrej Holy <oholy redhat com>
Date: Mon Mar 1 17:18:07 2021 +0100
Revert "AutoarExtractor: Do not extract files outside the destination dir"
This reverts commit adb067e645732fdbe7103516e506d09eb6a54429.
gnome-autoar/autoar-extractor.c | 63 +++++++----------------------------------
1 file changed, 10 insertions(+), 53 deletions(-)
---
diff --git a/gnome-autoar/autoar-extractor.c b/gnome-autoar/autoar-extractor.c
index eaccafe..4c64a50 100644
--- a/gnome-autoar/autoar-extractor.c
+++ b/gnome-autoar/autoar-extractor.c
@@ -872,67 +872,32 @@ autoar_extractor_get_common_prefix (GList *files,
return prefix;
}
-static gboolean
-is_valid_filename (GFile *file, GFile *destination)
-{
- g_autoptr (GFile) parent = NULL;
- g_autoptr (GFileInfo) info = NULL;
-
- if (g_file_equal (file, destination))
- return TRUE;
-
- if (!g_file_has_prefix (file, destination))
- return FALSE;
-
- /* Resolve symbolic link ancestors to confirm file is actually inside destination. */
- parent = g_file_get_parent (file);
- info = g_file_query_info (parent,
- G_FILE_ATTRIBUTE_STANDARD_IS_SYMLINK ","
- G_FILE_ATTRIBUTE_STANDARD_SYMLINK_TARGET,
- G_FILE_QUERY_INFO_NOFOLLOW_SYMLINKS,
- NULL,
- NULL);
- if (info == NULL)
- return FALSE;
-
- if (g_file_info_get_is_symlink (info)) {
- g_autoptr (GFile) cwd = NULL;
- const gchar *target;
-
- target = g_file_info_get_symlink_target (info);
- if (g_path_is_absolute (target))
- return FALSE;
-
- cwd = g_file_get_parent (parent);
- g_object_unref (parent);
- parent = g_file_resolve_relative_path (cwd, target);
- }
-
- /* Climb up the path to resolve every symbolic link ancestor found */
- return is_valid_filename (parent, destination);
-}
-
static GFile*
autoar_extractor_do_sanitize_pathname (AutoarExtractor *self,
const char *pathname_bytes)
{
GFile *extracted_filename;
gboolean valid_filename;
- g_autofree char *sanitized_pathname = NULL;
+ g_autofree char *sanitized_pathname;
g_autofree char *utf8_pathname;
utf8_pathname = autoar_common_get_utf8_pathname (pathname_bytes);
extracted_filename = g_file_get_child (self->destination_dir,
utf8_pathname ? utf8_pathname : pathname_bytes);
- valid_filename = is_valid_filename (extracted_filename, self->destination_dir);
+ valid_filename =
+ g_file_equal (extracted_filename, self->destination_dir) ||
+ g_file_has_prefix (extracted_filename, self->destination_dir);
+
if (!valid_filename) {
- g_warning ("autoar_extractor_do_sanitize_pathname: %s is outside of the destination dir",
- g_file_peek_path (extracted_filename));
+ g_autofree char *basename;
+
+ basename = g_file_get_basename (extracted_filename);
g_object_unref (extracted_filename);
- return NULL;
+ extracted_filename = g_file_get_child (self->destination_dir,
+ basename);
}
if (self->prefix != NULL && self->new_prefix != NULL) {
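Review bot: The restored check `g_file_equal (extracted_filename, self->destination_dir) || g_file_has_prefix (extracted_filename, self->destination_dir)` compares paths only lexically, so an entry whose ancestor directory is a symbolic link still passes even when that link resolves outside `self->destination_dir`. The removed `is_valid_filename` was the only visible code that resolved symlink ancestors. If another commit in this series replaces that check, the commit message should say so; otherwise an ancestor-symlink check is still needed before anything is written. The fallback branch now remaps a rejected name to its basename with no log line, so a `g_warning` there naming the original path would keep such entries visible to whoever reviews the extraction. Separately, `g_autofree char *sanitized_pathname;` loses its initialiser; keeping `g_autofree char *sanitized_pathname = NULL;` ensures the cleanup never frees an indeterminate pointer should a path leave the function before assignment, which cannot be ruled out here because the body continues past the hunk.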
@@ -1911,18 +1876,10 @@ autoar_extractor_step_extract (AutoarExtractor *self) {
extracted_filename =
autoar_extractor_do_sanitize_pathname (self, pathname);
- if (extracted_filename == NULL) {
- archive_read_data_skip (a);
- continue;
- }
if (hardlink != NULL) {
hardlink_filename =
autoar_extractor_do_sanitize_pathname (self, hardlink);
- if (hardlink_filename == NULL) {
- archive_read_data_skip (a);
- continue;
- }
}
/* Attempt to solve any name conflict before doing any operations */