Don't edit permissions of pre-existing directories during extract.

This closes a security hole.  Otherwise, libarchive will happily
extract into directories to which it lacks write permissions by
resetting the permissions during the extract.

Thanks to: Kris Kennaway
This commit is contained in:
Tim Kientzle 2004-08-26 03:53:43 +00:00
parent c85db499ac
commit 2522fe6764
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=134328

View File

@ -479,7 +479,7 @@ extract_dir(struct archive *a, struct archive_entry *entry, int flags)
if (extract->pst != NULL) { if (extract->pst != NULL) {
extract->pst = &extract->st; extract->pst = &extract->st;
if (S_ISDIR(extract->pst->st_mode)) if (S_ISDIR(extract->pst->st_mode))
goto success; return (ARCHIVE_OK);
/* It exists but isn't a dir. */ /* It exists but isn't a dir. */
if ((flags & ARCHIVE_EXTRACT_UNLINK)) if ((flags & ARCHIVE_EXTRACT_UNLINK))
unlink(path); unlink(path);