Commit 8bf8c5e

Vogtinator authored and tsdgeos committed
Pass the ARCHIVE_EXTRACT_SECURE_SYMLINKS flag to libarchive
There are archive types which allow to first create a symlink and then later on dereference it. If the symlink points outside of the archive, this results in writing outside of the destination directory. With the ARCHIVE_EXTRACT_SECURE_SYMLINKS option set, libarchive avoids this situation by verifying that none of the target path components are symlinks before writing.

Remove the commented out code in the method, which would actually misbehave if enabled again.

Signed-off-by: Fabian Vogt <fabian@ritter-vogt.de>
1 parent ddd3641 commit 8bf8c5e
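
The check the commit message describes (refusing to write when a component of the target path is a symlink) can be sketched in plain C as follows. This is an added illustration, not code from Ark or libarchive; `has_symlink_component` and `demo` are hypothetical names, and the temporary directory and symlink are constructed for the example.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: 1 if any existing component of rel under the trusted
 * directory root is a symlink, 0 if none is, -1 if the path is too long. */
int has_symlink_component(const char *root, const char *rel)
{
    char path[PATH_MAX];
    struct stat st;
    size_t len = strlen(root);
    if (len + 1 > sizeof path) return -1;
    memcpy(path, root, len + 1);
    while (*rel) {
        size_t n = strcspn(rel, "/");   /* length of the next component */
        if (n > 0) {
            if (len + n + 2 > sizeof path) return -1;
            path[len++] = '/';
            memcpy(path + len, rel, n);
            len += n;
            path[len] = '\0';
            /* lstat() inspects the link itself, it does not follow it */
            if (lstat(path, &st) == 0 && S_ISLNK(st.st_mode)) return 1;
        }
        rel += n;
        if (*rel == '/') rel++;
    }
    return 0;
}

/* Constructed scenario: an earlier entry planted the symlink "escape". */
int demo(void)
{
    char root[] = "/tmp/symcheck-XXXXXX", link[PATH_MAX];
    int ok;
    if (!mkdtemp(root)) return -1;
    snprintf(link, sizeof link, "%s/escape", root);
    if (symlink("/", link) != 0) { rmdir(root); return -1; }
    ok = has_symlink_component(root, "escape/file.txt") == 1    /* refuse */
      && has_symlink_component(root, "docs/readme.txt") == 0;   /* allow */
    unlink(link);
    rmdir(root);
    return ok;
}

int main(void) { return demo() == 1 ? 0 : 1; }
```

A check-then-write sequence like this is only sound while nothing else modifies the destination tree during extraction.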

1 file changed: +3 -15 lines changed


Diff for: plugins/libarchive/libarchiveplugin.cpp

@@ -509,21 +509,9 @@ void LibarchivePlugin::emitEntryFromArchiveEntry(struct archive_entry *aentry)
509509

510510
int LibarchivePlugin::extractionFlags() const
511511
{
512-
int result = ARCHIVE_EXTRACT_TIME;
513-
result |= ARCHIVE_EXTRACT_SECURE_NODOTDOT;
514-
515-
// TODO: Don't use arksettings here
516-
/*if ( ArkSettings::preservePerms() )
517-
{
518-
result &= ARCHIVE_EXTRACT_PERM;
519-
}
520-
521-
if ( !ArkSettings::extractOverwrite() )
522-
{
523-
result &= ARCHIVE_EXTRACT_NO_OVERWRITE;
524-
}*/
525-
526-
return result;
512+
return ARCHIVE_EXTRACT_TIME
513+
| ARCHIVE_EXTRACT_SECURE_NODOTDOT
514+
| ARCHIVE_EXTRACT_SECURE_SYMLINKS;
527515
}
528516

529517
void LibarchivePlugin::copyData(const QString& filename, struct archive *dest, bool partialprogress)
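
Review bot: the flag set returned at new lines 512-514 rejects `..` components and symlinked path components but not absolute entry paths, because ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS is not among the flags. If the caller does not already strip leading slashes from entry names before extraction, and the minimum supported libarchive provides that flag, consider adding it here, or add a one-line comment above the return saying where absolute paths are handled. The removed commented-out block used `result &= ...` where setting a flag needs `|=`, so deleting it rather than reviving it is right; a short comment marking the two SECURE_ flags as security-relevant would help keep them from being dropped in a later cleanup.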
