On Wednesday 02 March 2011 00:58, Denys Vlasenko wrote: > On Tuesday 01 March 2011 21:14, Alexander Shishkin wrote: > > On 1 March 2011 18:18, Denys Vlasenko <vda.li...@googlemail.com> wrote: > > > On Monday 28 February 2011 09:23, Alexey Soloviev wrote: > > >> Hello, > > >> Met 2 problems with tar and wander if they are new or known. > > >> > > >> Issue 1: tar doesn't restore files or directories added with relative > > >> name starting with "../" > > >> Scenario: > > >> busybox tar -c -f archive.tar ../tobearchived > > >> busybox tar -xf archive.tar > > >> tar: name with '..' encountered: '../tobearchived' > > >> > > >> Gnu tar removes ../ from paths of archived files and directories, while > > >> busybox's tar doesn't. > > >> Should it be fixed? > > >> Note that archive created by busybox tar on the 1st step can be restored > > >> by gnu tar but not by busybox's. > > > > > > Proposed patch. > > > > This doesn't address the archive creation case, in which GNU tar would strip > > the /../ just as well. > > Doesn't look like it's worth fixing, since unpacking code must be prepared > to see malicious tarballs anyway.
Hmm... it turned out that fixing it actually decreased code size. I committed the fix to git: http://git.busybox.net/busybox/commit/?id=b80acf58f16339078da5cbee88a322f2450aa2ad Thanks! -- vda _______________________________________________ busybox mailing list busybox@busybox.net http://lists.busybox.net/mailman/listinfo/busybox