wok view busybox/stuff/busybox-1.28-unsafesymlink.u @ rev 20235
busybox: add arch (uname -m alias)
| author | Pascal Bellard <pascal.bellard@slitaz.org> |
|---|---|
| date | Mon Mar 05 15:52:59 2018 +0100 (2018-03-05) |
| parents | |
| children |
line source
1 skip unsafe_symlink_target check: avoid relative links in packages.
2 --- busybox-1.28.1/archival/libarchive/data_extract_all.c
3 +++ busybox-1.28.1/archival/libarchive/data_extract_all.c
4 @@ -198,7 +198,7 @@
5 *
6 * Untarring bug.tar would otherwise place evil.py in '/tmp'.
7 */
8 - if (!unsafe_symlink_target(file_header->link_target)) {
9 + {
10 res = symlink(file_header->link_target, dst_name);
11 if (res != 0
12 && !(archive_handle->ah_flags & ARCHIVE_EXTRACT_QUIET)
13 --- busybox-1.28.1/archival/unzip.c
14 +++ busybox-1.28.1/archival/unzip.c
15 @@ -368,7 +368,7 @@
16 target[xstate.mem_output_size] = '\0';
17 #endif
18 }
19 - if (!unsafe_symlink_target(target)) {
20 + {
21 //TODO: libbb candidate
22 if (symlink(target, dst_fn)) {
23 /* shared message */