summaryrefslogtreecommitdiff
path: root/archivers/lha/files/patch-lhext.c
diff options
context:
space:
mode:
Diffstat (limited to 'archivers/lha/files/patch-lhext.c')
-rw-r--r--archivers/lha/files/patch-lhext.c84
1 files changed, 84 insertions, 0 deletions
diff --git a/archivers/lha/files/patch-lhext.c b/archivers/lha/files/patch-lhext.c
new file mode 100644
index 000000000000..62f3fe5ac1c6
--- /dev/null
+++ b/archivers/lha/files/patch-lhext.c
@@ -0,0 +1,84 @@
+--- src/lhext.c.orig 2000-10-04 14:57:38 UTC
++++ src/lhext.c
+@@ -143,13 +143,13 @@ adjust_info(name, hdr)
+ char *name;
+ LzHeader *hdr;
+ {
+- time_t utimebuf[2];
++ struct utimbuf utimebuf;
+
+ /* adjust file stamp */
+- utimebuf[0] = utimebuf[1] = hdr->unix_last_modified_stamp;
++ utimebuf.actime = utimebuf.modtime = hdr->unix_last_modified_stamp;
+
+ if ((hdr->unix_mode & UNIX_FILE_TYPEMASK) != UNIX_FILE_SYMLINK)
+- utime(name, utimebuf);
++ utime(name, &utimebuf);
+
+ if (hdr->extend_type == EXTEND_UNIX
+ || hdr->extend_type == EXTEND_OS68K
+@@ -190,8 +190,13 @@ extract_one(afp, hdr)
+ q = (char *) rindex(hdr->name, '/') + 1;
+ }
+ else {
++ if (is_directory_traversal(q)) {
++ fprintf(stderr, "Possible directory traversal hack attempt in %s\n", q);
++ exit(111);
++ }
++
+ if (*q == '/') {
+- q++;
++ while (*q == '/') { q++; }
+ /*
+ * if OSK then strip device name
+ */
+@@ -351,10 +356,13 @@ extract_one(afp, hdr)
+ }
+
+ unlink(bb1);
++ make_parent_path(bb1);
+ l_code = symlink(bb2, bb1);
+ if (l_code < 0) {
+- if (quiet != TRUE)
+- warning("Can't make Symbolic Link : ");
++ if (quiet != TRUE) {
++ sprintf(buf, "%s -> %s", bb1, bb2);
++ warning("Can't make Symbolic Link : ", buf);
++ }
+ }
+ if (quiet != TRUE) {
+ printf("Symbolic Link %s -> %s\n", bb1, bb2);
+@@ -419,6 +427,33 @@ cmd_extract()
+ return;
+ }
+
++int
++is_directory_traversal(char *string)
++{
++ unsigned int type = 0; /* 0 = new, 1 = only dots, 2 = other chars than dots */
++ char *temp;
++
++ temp = string;
++
++ while (*temp != 0) {
++ if (temp[0] == '/') {
++ if (type == 1) { return 1; }
++ type = 0;
++ temp++;
++ continue;
++ }
++
++ if ((temp[0] == '.') && (type < 2))
++ type = 1;
++ if (temp[0] != '.')
++ type = 2;
++
++ temp++;
++ } /* while */
++
++ return (type == 1);
++}
++
+ /* Local Variables: */
+ /* mode:c */
+ /* tab-width:4 */
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-13 18:52:06 +0000