'Re: [PATCH 1/3] unzip: fix content listing and filtering when -j is used'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       busybox
Subject:    Re: [PATCH 1/3] unzip: fix content listing and filtering when -j is used
From:       Denys Vlasenko <vda.linux () googlemail ! com>
Date:       2017-11-09 11:47:30
Message-ID: CAK1hOcMWJg5ufghk0Cqz_0HDCXTcrwnrQTYbkBdw7Zd1+YBdxQ () mail ! gmail ! com
[Download RAW message or body]

Applied, thanks

On Tue, Nov 7, 2017 at 8:03 AM, Eugene Rudoy <gene.devel@gmail.com> wrote:
> Original Info-ZIP's unzip uses unstripped filenames
> while doing content listing and filtering, i.e.
>  - in content listing mode -j is ignored completely
>  - filtering is applied to non-stripped names, -j
>    takes effect first while extracting the files
>
> 997ad2c64abbe931dffa3598b015c5de04e515cf strips path
> components a little bit too early resulting in behavior
> deviations.
>
> Fix it by doing stripping after listing/filtering.
>
> p.s. Info-ZIP's unzip behavior is the same as
>      that of tar in --strip-components=NUM mode
>
> Signed-off-by: Eugene Rudoy <gene.devel@gmail.com>
> ---
>  archival/unzip.c | 15 ++++++++-------
>  1 file changed, 8 insertions(+), 7 deletions(-)
>
> diff --git a/archival/unzip.c b/archival/unzip.c
> index 604166063..83bd00c4e 100644
> --- a/archival/unzip.c
> +++ b/archival/unzip.c
> @@ -805,13 +805,6 @@ int unzip_main(int argc, char **argv)
>                 /* Guard against "/abspath", "/../" and similar attacks */
>                 overlapping_strcpy(dst_fn, strip_unsafe_prefix(dst_fn));
>
> -               if (opts & OPT_j) /* Strip paths? */
> -                       overlapping_strcpy(dst_fn, bb_basename(dst_fn));
> -
> -               /* Did this strip everything ("DIR/" case)? Then skip */
> -               if (!dst_fn[0])
> -                       goto skip_cmpsize;
> -
>                 /* Filter zip entries */
>                 if (find_list_entry(zreject, dst_fn)
>                  || (zaccept && !find_list_entry(zaccept, dst_fn))
> @@ -876,6 +869,14 @@ int unzip_main(int argc, char **argv)
>                         /* Extracting to STDOUT */
>                         goto do_extract;
>                 }
> +
> +               if (opts & OPT_j) /* Strip paths? */
> +                       overlapping_strcpy(dst_fn, bb_basename(dst_fn));
> +
> +               /* Did this strip everything ("DIR/" case)? Then skip */
> +               if (!dst_fn[0])
> +                       goto skip_cmpsize;
> +
>                 if (last_char_is(dst_fn, '/')) {
>                         int mode;
>
> --
> 2.15.0
> _______________________________________________
> busybox mailing list
> busybox@busybox.net
> http://lists.busybox.net/mailman/listinfo/busybox
_______________________________________________
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox
[prev in list] [next in list] [prev in thread] [next in thread] 