This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.
[Bug fastjar/28359] fastjar directory traversal problem
- From: "jakub at redhat dot com" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: 17 Jul 2006 12:21:03 -0000
- Subject: [Bug fastjar/28359] fastjar directory traversal problem
- References: <bug-28359-3760@http.gcc.gnu.org/bugzilla/>
- Reply-to: gcc-bugzilla at gcc dot gnu dot org
------- Comment #12 from jakub at redhat dot com 2006-07-17 12:21 -------
The patch in #4 is insufficient. Consider paths like ././../.././../etc/passwd,
which satisfy the depth tests yet clearly escape the current dir tree.
Another question is about symlinks: if there is a foo -> ../../../../etc
symlink in the current tree, then I believe fastjar will happily store
foo/passwd into ../../../../etc/passwd. Is that something that can be declared
the user's fault, or should fastjar always canonicalize the filename and not
allow leaving the current directory tree in any way?
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=28359
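The two failure modes raised in the comment above (a ".."-laden path that still passes a depth count, and a symlinked directory inside the tree) are both addressed by checking the entry name component by component rather than by counting. The following is an added example written for this page, not fastjar's code and not the patch from comment #4 (whose exact check is not shown here); the function names jar_entry_escapes and path_has_symlink_component and the sample entry names are assumptions made for illustration.

```c
/*
 * Added example (not fastjar's code): lexical normalisation of a jar
 * entry name that rejects any entry escaping the extraction directory,
 * plus an lstat() guard against symlinked directory prefixes.
 * jar_entry_escapes and path_has_symlink_component are hypothetical
 * names chosen for this example; fastjar itself does not define them.
 */
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/*
 * Walk the entry name component by component, tracking how far below
 * the extraction root we are.  "." and empty components (from "//")
 * do not change the depth, ".." decrements it, anything else increments
 * it.  Returns 1 if the entry is absolute or the depth ever drops below
 * zero: ././../.././../etc/passwd is rejected at its first "..", no
 * matter how many "./" pairs are sprinkled around it.
 */
static int jar_entry_escapes(const char *name)
{
    int depth = 0;
    const char *p = name;

    if (*p == '/')                      /* absolute entry: always an escape */
        return 1;
    while (*p) {
        const char *end = strchr(p, '/');
        size_t len = end ? (size_t)(end - p) : strlen(p);

        if (len == 2 && p[0] == '.' && p[1] == '.') {
            if (--depth < 0)            /* popped above the root */
                return 1;
        } else if (len > 0 && !(len == 1 && p[0] == '.')) {
            depth++;
        }
        p = end ? end + 1 : p + len;
    }
    return 0;
}

/*
 * Symlink guard for the second issue: before creating base/entry, lstat()
 * every directory prefix of entry that already exists under base and
 * refuse if any of them is a symlink (lstat reports the link itself, not
 * its target).  A prefix that does not exist yet cannot be a symlink, so
 * the walk stops there.  Returns 1 if a symlink is found, 0 otherwise.
 */
static int path_has_symlink_component(const char *base, const char *entry)
{
    char buf[4096];
    struct stat st;
    size_t blen = strlen(base);
    const char *p = entry;

    if (blen + 1 + strlen(entry) >= sizeof buf)
        return 1;                       /* too long to check: treat as unsafe */
    memcpy(buf, base, blen);
    buf[blen] = '\0';

    while ((p = strchr(p, '/')) != NULL) {
        size_t len = (size_t)(p - entry);
        buf[blen] = '/';
        memcpy(buf + blen + 1, entry, len);
        buf[blen + 1 + len] = '\0';
        if (lstat(buf, &st) != 0)
            return 0;                   /* prefix missing: nothing to follow */
        if (S_ISLNK(st.st_mode))
            return 1;
        p++;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample entry names, including the one quoted in the comment. */
    const char *samples[] = {
        "META-INF/MANIFEST.MF",
        "a/../b.txt",
        "../x",
        "././../.././../etc/passwd",
        "/etc/passwd",
        "a/b/../../../c",
    };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-30s %s\n", samples[i],
               jar_entry_escapes(samples[i]) ? "ESCAPES" : "ok");
    printf("symlink guard on foo/passwd under .: %d\n",
           path_has_symlink_component(".", "foo/passwd"));
    return 0;
}
```

An extractor would call both checks per entry, in that order: the lexical check needs no filesystem access and is independent of what already exists, while the symlink guard has to run at extraction time, after earlier entries of the same archive (which may themselves have created the symlink) have been written.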