
Commit cde4605

committed
Disallow symlinks to out-of-path filenames
1 parent be2da51 commit cde4605


3 files changed

+26
-0
lines changed


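--- a/Archive/Tar.php
+++ b/Archive/Tar.php
@@ -2124,6 +2124,14 @@ public function _extractList(
                     }
                 }
             } elseif ($v_header['typeflag'] == "2") {
+                if (strpos(realpath(dirname($v_header['link'])), realpath($p_path)) !== 0) {
+                    $this->_error(
+                        'Out-of-path file extraction {'
+                        . $v_header['filename'] . ' --> ' .
+                        $v_header['link'] . '}'
+                    );
+                    return false;
+                }
                 if (!$p_symlinks) {
                     $this->_warning('Symbolic links are not allowed. '
                         . 'Unable to extract {'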
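Review bot: The new guard `strpos(realpath(dirname($v_header['link'])), realpath($p_path)) !== 0` resolves the link target against the process working directory rather than against the directory the symlink is created in, so a relative `link` value is compared with the wrong base, and the bare prefix comparison also accepts any sibling directory whose name merely begins with the extraction path. Resolve the target from the entry's own location (for a relative link, `dirname($p_path . '/' . $v_header['filename']) . '/' . $v_header['link']`) and compare against the base with a separator appended, e.g. `$v_base = realpath($p_path) . DIRECTORY_SEPARATOR;` and `if ($v_target === false || strpos($v_target . DIRECTORY_SEPARATOR, $v_base) !== 0) {`. Making the `realpath()` failure case explicit matters because today rejection of a non-existent target depends on `strpos` being handed `false`, which PHP 8 coerces to an empty string; conversely, if `realpath($p_path)` ever returned `false` the needle would be empty and the check would pass. If hard-link entries (typeflag "1") are extracted elsewhere in this method they presumably need the same containment test; `_extractList` starts and ends outside the hunk.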

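--- a/tests/out_of_path_fnames.phpt
+++ b/tests/out_of_path_fnames.phpt
@@ -0,0 +1,18 @@
+--TEST--
+tests writes to out-of-path filenames
+--SKIPIF--
+--FILE--
+<?php
+require_once dirname(__FILE__) . '/setup.php.inc';
+$tar = new Archive_Tar(dirname(__FILE__) . '/out_of_path_symlink.tar');
+$tar->extract();
+$phpunit->assertErrors(array(array('package' => 'PEAR_Error', 'message' => "Out-of-path file extraction {symlink --> /tmp/}")), 'after 1');
+$phpunit->assertFileNotExists('symlink/whatever-filename', 'Out-of-path filename should not have succeeded');
+echo 'tests done';
+?>
+--CLEAN--
+<?php
+@unlink("symlink");
+?>
+--EXPECT--
+tests done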
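Review bot: The expected error message hardcodes the absolute target `/tmp/`, so the test exercises only an absolute link target; the cases the new check is most likely to get wrong — a relative target such as `../` and a target inside a sibling directory whose name shares the extraction path as a prefix — have no fixture. `extract()` is called without a path, so the symlink is created in the harness's working directory and `--CLEAN--` removes it with `@unlink("symlink")`, where the `@` hides a cleanup failure; `--SKIPIF--` is left empty. The binary fixture cannot be reviewed as text, so the `--TEST--` line or the commit message should state what `out_of_path_symlink.tar` contains (presumably the entry `symlink -> /tmp/` followed by `symlink/whatever-filename`, judging from the assertions).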

Diff for: tests/out_of_path_symlink.tar

2.5 KB
Binary file not shown.
