author: Ed Maste <emaste@FreeBSD.org> 2015-04-09 13:45:17 +0000
committer: Ed Maste <emaste@FreeBSD.org> 2015-04-09 13:45:17 +0000
commit: 56ad941995adc50961fc2676e47401f8bb616b01 (patch)
tree: 424a30dca65ec792e35d8669b75371e2b631b17b /usr.bin/ar
parent: 0ada3afc253298c6dd80828b14dba1573e608941 (diff)
download: src-test2-56ad941995adc50961fc2676e47401f8bb616b01.tar.gz
src-test2-56ad941995adc50961fc2676e47401f8bb616b01.zip
1 files changed, 9 insertions, 1 deletions
diff --git a/usr.bin/ar/read.c b/usr.bin/ar/read.c
index ed7a94a67685..aa499e0f9e3a 100644
--- a/usr.bin/ar/read.c
+++ b/usr.bin/ar/read.c
@@ -187,7 +187,15 @@ read_archive(struct bsdar *bsdar, char mode)
 
 				if (bsdar->options & AR_V)
 					(void)fprintf(stdout, "x - %s\n", name);
-				flags = 0;
+				/* Disallow absolute paths. */
+				if (name[0] == '/') {
+					bsdar_warnc(bsdar, 0,
+					    "Absolute path '%s'", name);
+					continue;
+				}
+				/* Basic path security flags. */
+				flags = ARCHIVE_EXTRACT_SECURE_SYMLINKS | \
+				    ARCHIVE_EXTRACT_SECURE_NODOTDOT;
 				if (bsdar->options & AR_O)
 					flags |= ARCHIVE_EXTRACT_TIME;
author	Ed Maste <emaste@FreeBSD.org>	2015-04-09 13:45:17 +0000
committer	Ed Maste <emaste@FreeBSD.org>	2015-04-09 13:45:17 +0000
commit	56ad941995adc50961fc2676e47401f8bb616b01 (patch)
tree	424a30dca65ec792e35d8669b75371e2b631b17b /usr.bin/ar
parent	0ada3afc253298c6dd80828b14dba1573e608941 (diff)
download	src-test2-56ad941995adc50961fc2676e47401f8bb616b01.tar.gz src-test2-56ad941995adc50961fc2676e47401f8bb616b01.zip