View | Details | Raw Unified | Return to bug 62184
Collapse All | Expand All

(-)file_not_specified_in_diff (-2 / +41 lines)
Line  Link Here
0 
-- unarj.c
 0 
++ unarj.c
Lines 84-89 Link Here
84 
#include <console.h>
 84 
#include <console.h>
85 
#endif
 85 
#endif
86 

          86
          

        

            

              
              
              87
              
#include <alloca.h>

            

            

              88
              

            

        

          87
          
/* Global variables */

          89
          
/* Global variables */

        

        

          88
          

          90
          

        

        

          89
          
UCRC   crc;

          91
          
UCRC   crc;

        

  

    
      
            Lines 584-589
          
      
      
        Link Here
      
    
  

        

          584
          
    return -1;          /* could not find a valid header */

          586
          
    return -1;          /* could not find a valid header */

        

        

          585
          
}

          587
          
}

        

        

          586
          

          588
          

        

            

              
              
              589
              
/* avoid extracting outside of current directory */

            

            

              590
              
static void sanitize_filename(char *sane, char *insane, size_t len)

            

            

              591
              
{

            

            

              592
              
	char *tmp, *next, *cur, *_sane = sane;

            

            

              593
              
	

            

            

              594
              
	tmp = alloca(len);

            

            

              595
              
	cur = NULL;

            

            

              596
              

            

            

              597
              
	strncopy(tmp, insane, len);

            

            

              598
              
	tmp[len] = '\0';

            

            

              599
              
	

            

            

              600
              
	for(next = strtok(tmp, "/"); next; next = strtok(NULL, "/")) {

            

            

              601
              
		if(!strcmp(".", next) || !strcmp("..", next))

            

            

              602
              
			continue;

            

            

              603
              
		if(cur) {

            

            

              604
              
			strcpy(sane, cur);

            

            

              605
              
			sane += strlen(cur);

            

            

              606
              
			strcpy(sane, "/");

            

            

              607
              
			sane++;

            

            

              608
              
		}

            

            

              609
              
		cur = next;

            

            

              610
              
	}

            

            

              611
              
	

            

            

              612
              
	if(cur)

            

            

              613
              
		strcpy(sane, cur);

            

            

              614
              
	

            

            

              615
              
	entry_pos = sane - _sane;

            

            

              616
              
}

            

            

              617
              

            

        

          587
          
static int

          618
          
static int

        

        

          588
          
read_header(first, fd, name)

          619
          
read_header(first, fd, name)

        

        

          589
          
int  first;

          620
          
int  first;

        

  

    
      
            Lines 634-640
          
      
      
        Link Here
      
    
  

        

          634
          
        error(M_HEADRCRC, "");

          665
          
        error(M_HEADRCRC, "");

        

        

          635
          

          666
          

        

        

          636
          
    hdr_filename = (char *)&header[first_hdr_size];

          667
          
    hdr_filename = (char *)&header[first_hdr_size];

        

          
            

              637
              
    strncopy(filename, hdr_filename, sizeof(filename));


              668
              
    switch(file_type) {

            

            

              
              

              669
              
    case 0: /* binary */

            

            


              670
              
    case 1: /* text */

            

            


              671
              
    case 3: /* directory */

            

            


              672
              
	sanitize_filename(filename, hdr_filename, sizeof(filename));

            

            


              673
              
	break;

            

            


              674
              
    default:

            

            


              675
              
	strncopy(filename, hdr_filename, sizeof(filename));

            

            


              676
              
    }

            

        

          638
          
    if (host_os != OS)

          677
          
    if (host_os != OS)

        

        

          639
          
        strparity((uchar *)filename);

          678
          
        strparity((uchar *)filename);

        

        

          640
          
    if ((arj_flags & PATHSYM_FLAG) != 0)

          679
          
    if ((arj_flags & PATHSYM_FLAG) != 0)

        






  

  Return to bug 62184