On Tuesday 01 March 2011 21:14, Alexander Shishkin wrote: > On 1 March 2011 18:18, Denys Vlasenko <vda.li...@googlemail.com> wrote: > > On Monday 28 February 2011 09:23, Alexey Soloviev wrote: > >> Hello, > >> Met 2 problems with tar and wander if they are new or known. > >> > >> Issue 1: tar doesn't restore files or directories added with relative > >> name starting with "../" > >> Scenario: > >> busybox tar -c -f archive.tar ../tobearchived > >> busybox tar -xf archive.tar > >> tar: name with '..' encountered: '../tobearchived' > >> > >> Gnu tar removes ../ from paths of archived files and directories, while > >> busybox's tar doesn't. > >> Should it be fixed? > >> Note that archive created by busybox tar on the 1st step can be restored > >> by gnu tar but not by busybox's. > > > > Proposed patch. > > This doesn't address the archive creation case, in which GNU tar would strip > the /../ just as well.
Doesn't look like it's worth fixing, since unpacking code mush be prepared to see malicious tarballs anyway. > Otherwise it's pretty much the same as what I've come up > with earlier today. :) With your patch we have 20+ bytes growth in data: function old new delta text data bss dec hex filename 871090 493 7584 879167 d6a3f busybox_old 871087 517 7584 879188 d6a54 busybox_unstripped -- vda _______________________________________________ busybox mailing list busybox@busybox.net http://lists.busybox.net/mailman/listinfo/busybox
