Reject cpio versions vulnerable to path traversal

All cpio versions up to and including 2.12 are vulnerable
to path traversal with maliciously crafted cpio archives.

This closes github issue #183, reported by febinrev.

src/cpio.c

@@ -17,6 +17,7 @@
  *  MA 02110-1301 USA.
  */
 
+#include <stdio.h>
 #include <string.h>
 #include "cpio.h"
 #include "date_utils.h"
@@ -32,6 +33,29 @@ static void relative_path (char *filename, gpointer user_data)
 		strcpy(filename, filename + 1);
 }
 
+gboolean xa_cpio_check_version (gchar *path)
+{
+	gchar *command, *output = NULL;
+	int major, minor;
+	gboolean result = FALSE;
+
+	command = g_strconcat(path, " --version", NULL);
+	g_spawn_command_line_sync(command, &output, NULL, NULL, NULL);
+	g_free(command);
+
+	if (output)
+	{
+		if (strncmp(output, "cpio (GNU cpio) ", 16) == 0)
+			if (sscanf(output + 16, "%d.%d", &major, &minor) == 2)
+				/* cpio as of version 2.13 is safe */
+				result = ((major == 2 && minor > 12) || major > 2);
+
+		g_free(output);
+	}
+
+	return result;
+}
+
 void xa_cpio_ask (XArchive *archive)
 {
 	archive->can_extract = TRUE;

src/cpio.h

@@ -25,6 +25,7 @@
 
 void xa_cpio_add(XArchive *, GSList *);
 void xa_cpio_ask(XArchive *);
+gboolean xa_cpio_check_version(gchar *);
 gboolean xa_cpio_extract(XArchive *, GSList *);
 void xa_cpio_list(XArchive *);
 void xa_cpio_parse_output(gchar *, XArchive *);

src/main.c

@@ -443,7 +443,7 @@ static void xa_check_available_archivers ()
 	type = XARCHIVETYPE_CPIO;
 	path = cpio;
 
-	standard = (path != NULL);
+	standard = (path && xa_cpio_check_version(path));
 
 	if (!standard)
 	{