-rw-r--r--usr.bin/ar/read.c10
1 files changed, 9 insertions, 1 deletions
diff --git a/usr.bin/ar/read.c b/usr.bin/ar/read.c
index e595869..98674b7 100644
--- a/usr.bin/ar/read.c
+++ b/usr.bin/ar/read.c
@@ -186,7 +186,15 @@ read_archive(struct bsdar *bsdar, char mode)
if (bsdar->options & AR_V)
(void)fprintf(stdout, "x - %s\n", name);
- flags = 0;
+ /* Disallow absolute paths. */
+ if (name[0] == '/') {
+ bsdar_warnc(bsdar, 0,
+ "Absolute path '%s'", name);
+ continue;
+ }
+ /* Basic path security flags. */
+ flags = ARCHIVE_EXTRACT_SECURE_SYMLINKS | \
+ ARCHIVE_EXTRACT_SECURE_NODOTDOT;
if (bsdar->options & AR_O)
flags |= ARCHIVE_EXTRACT_TIME;
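Review bot: With -v, the `x - %s` line at the top of the hunk is printed before the new absolute-path check, so a rejected member is still reported as extracted and only then followed by the warning. Moving the `if (name[0] == '/') { ... continue; }` block above the `if (bsdar->options & AR_V)` print would keep the verbose listing in step with what actually reaches disk. The rejection is reported through `bsdar_warnc(bsdar, 0, ...)` and the loop continues; whether a skipped member ends up in ar's exit status is not visible in this hunk, and a script that relies on the status to notice a rejected archive would need it to. The trailing `\` after `ARCHIVE_EXTRACT_SECURE_SYMLINKS |` is unnecessary outside a macro and can be dropped. read_archive's body starts and ends outside the hunk.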