Fail copying path/.. only if SECURE_NODOTDOT was specified.

Since we already warn for any '..' elements in that case, the extra "lastdotdot" tracking turns out to be unnecessary. PR: bin/124924
2008-08-24 05:42:22 +00:00 · 2008-08-24 05:42:22 +00:00 · b9364a48e5
commit b9364a48e5
parent 47317d6e6d
2 changed files with 7 additions and 15 deletions
--- a/lib/libarchive/Makefile
+++ b/lib/libarchive/Makefile
@ -227,4 +227,8 @@ MLINKS+=	libarchive.3 archive.3
 check test:
 	cd ${.CURDIR}/test && make test

+myclean:
+	rm -f ${CLEANFILES}
+	cd ${.CURDIR}/test && make clean
+
 .include <bsd.lib.mk>
--- a/lib/libarchive/archive_write_disk.c
+++ b/lib/libarchive/archive_write_disk.c
@ -1350,7 +1350,6 @@ cleanup_pathname(struct archive_write_disk *a)
 {
 	char *dest, *src;
 	char separator = '\0';
-	int lastdotdot = 0; /* True if last elt copied was '..' */

 	dest = src = a->name;
 	if (*src == '\0') {
@ -1389,9 +1388,7 @@ cleanup_pathname(struct archive_write_disk *a)
 						    "Path contains '..'");
 						return (ARCHIVE_FAILED);
 					}
-					lastdotdot = 1;
-				} else
-					lastdotdot = 0;
+				}
 				/*
 				 * Note: Under no circumstances do we
 				 * remove '..' elements.  In
@ -1399,10 +1396,8 @@ cleanup_pathname(struct archive_write_disk *a)
 				 * '/foo/../bar/' should create the
 				 * 'foo' dir as a side-effect.
 				 */
-			} else
-				lastdotdot = 0;
-		} else
-			lastdotdot = 0;
+			}
+		}

 		/* Copy current element, including leading '/'. */
 		if (separator)
@ -1421,13 +1416,6 @@ cleanup_pathname(struct archive_write_disk *a)
 	 * We've just copied zero or more path elements, not including the
 	 * final '/'.
 	 */
-	if (lastdotdot) {
-		/* Trailing '..' is always wrong. */
-		archive_set_error(&a->archive,
-		    ARCHIVE_ERRNO_MISC,
-		    "Path contains trailing '..'");
-		return (ARCHIVE_FAILED);
-	}
 	if (dest == a->name) {
 		/*
 		 * Nothing got copied.  The path must have been something