|
Line
Link Here
|
| 0 |
-- unarj.c |
0 |
++ unarj.c |
|
Lines 84-89
Link Here
|
| 84 |
#include <console.h> |
84 |
#include <console.h> |
| 85 |
#endif |
85 |
#endif |
| 86 |
|
86 |
|
|
|
87 |
#include <alloca.h> |
| 88 |
|
| 87 |
/* Global variables */ |
89 |
/* Global variables */ |
| 88 |
|
90 |
|
| 89 |
UCRC crc; |
91 |
UCRC crc; |
|
Lines 584-589
Link Here
|
| 584 |
return -1; /* could not find a valid header */ |
586 |
return -1; /* could not find a valid header */ |
| 585 |
} |
587 |
} |
| 586 |
|
588 |
|
|
|
589 |
/* avoid extracting outside of current directory */ |
| 590 |
static void sanitize_filename(char *sane, char *insane, size_t len) |
| 591 |
{ |
| 592 |
char broken[] = "broken_filename"; |
| 593 |
char *tmp, *next, *cur, *_sane = sane; |
| 594 |
|
| 595 |
tmp = alloca(len + sizeof(broken)); |
| 596 |
cur = NULL; |
| 597 |
|
| 598 |
strncpy(tmp, insane, len); |
| 599 |
tmp[len] = '\0'; |
| 600 |
sane[0] = '\0'; |
| 601 |
|
| 602 |
for(next = strtok(tmp, "/"); next; next = strtok(NULL, "/")) { |
| 603 |
if(cur) { |
| 604 |
strcpy(sane, cur); |
| 605 |
sane += strlen(cur); |
| 606 |
strcpy(sane, "/"); |
| 607 |
sane++; |
| 608 |
} |
| 609 |
if(!strcmp(".", next) || !strcmp("..", next)) |
| 610 |
cur = NULL; |
| 611 |
else |
| 612 |
cur = next; |
| 613 |
} |
| 614 |
|
| 615 |
if(cur) |
| 616 |
strcpy(sane, cur); |
| 617 |
else |
| 618 |
strcpy(sane, broken); |
| 619 |
|
| 620 |
entry_pos = sane - _sane; |
| 621 |
} |
| 622 |
|
| 587 |
static int |
623 |
static int |
| 588 |
read_header(first, fd, name) |
624 |
read_header(first, fd, name) |
| 589 |
int first; |
625 |
int first; |
|
Lines 634-640
Link Here
|
| 634 |
error(M_HEADRCRC, ""); |
670 |
error(M_HEADRCRC, ""); |
| 635 |
|
671 |
|
| 636 |
hdr_filename = (char *)&header[first_hdr_size]; |
672 |
hdr_filename = (char *)&header[first_hdr_size]; |
| 637 |
strncopy(filename, hdr_filename, sizeof(filename)); |
673 |
switch(file_type) { |
|
|
674 |
case 0: /* binary */ |
| 675 |
case 1: /* text */ |
| 676 |
case 3: /* directory */ |
| 677 |
sanitize_filename(filename, hdr_filename, sizeof(filename)); |
| 678 |
break; |
| 679 |
default: |
| 680 |
strncopy(filename, hdr_filename, sizeof(filename)); |
| 681 |
} |
| 638 |
if (host_os != OS) |
682 |
if (host_os != OS) |
| 639 |
strparity((uchar *)filename); |
683 |
strparity((uchar *)filename); |
| 640 |
if ((arj_flags & PATHSYM_FLAG) != 0) |
684 |
if ((arj_flags & PATHSYM_FLAG) != 0) |