Path: blob/main/archivers/lha/files/patch-lhext.c
16147 views
--- src/lhext.c.orig 2000-10-04 14:57:38 UTC1+++ src/lhext.c2@@ -143,13 +143,13 @@ adjust_info(name, hdr)3char *name;4LzHeader *hdr;5{6- time_t utimebuf[2];7+ struct utimbuf utimebuf;89/* adjust file stamp */10- utimebuf[0] = utimebuf[1] = hdr->unix_last_modified_stamp;11+ utimebuf.actime = utimebuf.modtime = hdr->unix_last_modified_stamp;1213if ((hdr->unix_mode & UNIX_FILE_TYPEMASK) != UNIX_FILE_SYMLINK)14- utime(name, utimebuf);15+ utime(name, &utimebuf);1617if (hdr->extend_type == EXTEND_UNIX18|| hdr->extend_type == EXTEND_OS68K19@@ -190,8 +190,13 @@ extract_one(afp, hdr)20q = (char *) rindex(hdr->name, '/') + 1;21}22else {23+ if (is_directory_traversal(q)) {24+ fprintf(stderr, "Possible directory traversal hack attempt in %s\n", q);25+ exit(111);26+ }27+28if (*q == '/') {29- q++;30+ while (*q == '/') { q++; }31/*32* if OSK then strip device name33*/34@@ -351,10 +356,13 @@ extract_one(afp, hdr)35}3637unlink(bb1);38+ make_parent_path(bb1);39l_code = symlink(bb2, bb1);40if (l_code < 0) {41- if (quiet != TRUE)42- warning("Can't make Symbolic Link : ");43+ if (quiet != TRUE) {44+ sprintf(buf, "%s -> %s", bb1, bb2);45+ warning("Can't make Symbolic Link : ", buf);46+ }47}48if (quiet != TRUE) {49printf("Symbolic Link %s -> %s\n", bb1, bb2);50@@ -419,6 +427,33 @@ cmd_extract()51return;52}5354+int55+is_directory_traversal(char *string)56+{57+ unsigned int type = 0; /* 0 = new, 1 = only dots, 2 = other chars than dots */58+ char *temp;59+60+ temp = string;61+62+ while (*temp != 0) {63+ if (temp[0] == '/') {64+ if (type == 1) { return 1; }65+ type = 0;66+ temp++;67+ continue;68+ }69+70+ if ((temp[0] == '.') && (type < 2))71+ type = 1;72+ if (temp[0] != '.')73+ type = 2;74+75+ temp++;76+ } /* while */77+78+ return (type == 1);79+}80+81/* Local Variables: */82/* mode:c */83/* tab-width:4 */848586