Don't edit permissions of pre-existing directories during extract.
This closes a security hole. Otherwise, libarchive will happily extract into directories to which it lacks write permissions by resetting the permissions during the extract. Thanks to: Kris Kennaway
This commit is contained in:
parent
c85db499ac
commit
2522fe6764
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=134328
@ -479,7 +479,7 @@ extract_dir(struct archive *a, struct archive_entry *entry, int flags)
|
||||
if (extract->pst != NULL) {
|
||||
extract->pst = &extract->st;
|
||||
if (S_ISDIR(extract->pst->st_mode))
|
||||
goto success;
|
||||
return (ARCHIVE_OK);
|
||||
/* It exists but isn't a dir. */
|
||||
if ((flags & ARCHIVE_EXTRACT_UNLINK))
|
||||
unlink(path);
|
||||
|
Loading…
Reference in New Issue
Block a user