
Plan 9 from Bell Labs 2013-10-02

David du Colombier 7 years ago
parent
commit
45587c0d8c
3 changed files with 23 additions and 5 deletions
  1. 3 1
      sys/src/cmd/tapefs/tarfs.c
  2. 7 1
      sys/src/cmd/tar.c
  3. 13 3
      sys/src/cmd/test.c

+ 3 - 1
sys/src/cmd/tapefs/tarfs.c

@@ -144,10 +144,12 @@ populate(char *name)
 		}
 		f.mode &= DMDIR | 0777;
 
-		/* make file name safe and canonical */
+		/* make file name safe, canonical and free of . and .. */
 		while (fname[0] == '/')		/* don't allow absolute paths */
 			++fname;
 		cleanname(fname);
+		while (strncmp(fname, "../", 3) == 0)
+			fname += 3;
 
 		/* reject links */
 		linkflg = hp->linkflag == LF_SYMLINK1 ||
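Review bot: A name that cleans to exactly `..` still gets past the added loop, because `strncmp(fname, "../", 3)` only matches when a slash follows; `../..` is stripped to `..` and `a/../..` is already `..` after `cleanname`. The updated comment promises a name free of `.` and `..`, so the bare case should be handled right after the loop, for example `if (strcmp(fname, "..") == 0) fname = ".";`, or by skipping the entry. Which of the two is right depends on how the rest of `populate` treats `.`, and that code lies outside this hunk. An archive member name is untrusted input, so it is worth stating in the comment that both the prefix and the bare form are covered.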

+ 7 - 1
sys/src/cmd/tar.c

@@ -869,6 +869,7 @@ replace(char **argv)
 	int i, ar;
 	ulong blksleft, blksread;
 	Off bytes;
+	char *arg;
 	Hdr *hp;
 	Compress *comp = nil;
 	Pushstate ps;
@@ -909,7 +910,12 @@ replace(char **argv)
 	}
 
 	for (i = 0; argv[i] != nil; i++) {
-		addtoar(ar, argv[i], argv[i]);
+		arg = argv[i];
+		cleanname(arg);
+		if (strcmp(arg, "..") == 0 || strncmp(arg, "../", 3) == 0)
+			fprint(2, "%s: name starting with .. is a bad idea\n",
+				argv0);
+		addtoar(ar, arg, arg);
 		chdir(origdir);		/* for correctness & profiling */
 	}
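Review bot: The warning added in the loop prints only `argv0`, so when several names are given the user cannot tell which argument triggered it; include the name, `fprint(2, "%s: %s: name starting with .. is a bad idea\n", argv0, arg);`. The entry is still handed to `addtoar` after the warning, so the archive will carry a member whose name starts with `..` and every extractor has to sanitize it. If archiving it anyway is intended, a one-line comment such as `/* warn only: extraction side strips leading .. */` would record that decision. `cleanname(arg)` also rewrites `argv[i]` in place, which appears harmless in the visible lines, but the rest of `replace` is outside this hunk.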
 

+ 13 - 3
sys/src/cmd/test.c

@@ -327,7 +327,7 @@ isint(char *s, int *pans)
 int
 isolder(char *pin, char *f)
 {
-	int r;
+	int r, rel;
 	ulong n, m;
 	char *p = pin;
 	Dir *dir;
@@ -338,6 +338,7 @@ isolder(char *pin, char *f)
 
 	/* parse time */
 	n = 0;
+	rel = 0;
 	while(*p){
 		m = strtoul(p, &p, 0);
 		switch(*p){
@@ -362,13 +363,22 @@ isolder(char *pin, char *f)
 		case 's':
 			n += m;
 			p++;
+			rel = 1;
 			break;
 		default:
 			synbad("bad time syntax, ", pin);
 		}
 	}
-
-	r = dir->mtime + n < time(0);
+	if (!rel)
+		m = n;
+	else{
+		m = time(0);
+		if (n > m)		/* before epoch? */
+			m = 0;
+		else
+			m -= n;
+	}
+	r = dir->mtime < m;
 	free(dir);
 	return r;
 }
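Review bot: The new tail of `isolder` changes what the argument means, and nothing in the code says so: without a unit suffix `n` is now compared as an absolute time, and with one it is an age subtracted from `time(0)`. I would add a comment above `if (!rel)` such as `/* no unit suffix: n is an absolute time; otherwise n is an age relative to now */`. The cutoff is also stored in `m`, which the loop above uses for the parsed number, so a separate local (for example `ulong cutoff;`) would make `r = dir->mtime < cutoff;` easier to read. Only `case 's'` is visible setting `rel = 1`; I assume the other unit cases fall through to it, but the start of the switch is outside this hunk, so please confirm.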