cmd/cruntar: avoid writing files outside archive

Kyle Isom 2023-05-04 17:20:22 -07:00
parent 7828726ba4
commit 3c2ec896f8
1 changed files with 7 additions and 0 deletions


@ -92,6 +92,13 @@ func processFile(tfr *tar.Reader, hdr *tar.Header, top string) error {
return err return err
} }
case tar.TypeSymlink: case tar.TypeSymlink:
path := linkTarget(hdr.Linkname, top)
if ok, err := filepath.Match(top+"/*", filepath.Clean(path)); !ok {
return fmt.Errorf("symlink %s isn't in %s", hdr.Linkname, top)
} else if err != nil {
return err
}
err := os.Symlink(linkTarget(hdr.Linkname, top), filePath) err := os.Symlink(linkTarget(hdr.Linkname, top), filePath)
if err != nil { if err != nil {
return err return err
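Review bot: The containment test added in the `tar.TypeSymlink` case uses `filepath.Match(top+"/*", …)`, which is a glob match rather than a path-prefix check: `*` does not cross a separator, so a link target more than one directory below `top` is rejected, and any `[`, `?` or `*` in `top` is read as pattern syntax. The `!ok` branch is also tested before `err != nil`, so a bad-pattern error from Match is always reported as the "isn't in" error and the `return err` branch is unreachable. Comparing by path components with `filepath.Rel` addresses both, as in the fence below (`filepath.IsLocal` needs Go 1.20 or later). The check remains purely lexical and presumably depends on `linkTarget`, which is outside the hunk, resolving relative targets against the right directory; processFile's body begins and ends outside the hunk.

```go
case tar.TypeSymlink:
	path := linkTarget(hdr.Linkname, top)
	// Rel yields a ".."-prefixed result when the cleaned target lies
	// outside top, so nested targets pass and glob characters in top
	// are treated literally.
	if rel, err := filepath.Rel(top, filepath.Clean(path)); err != nil {
		return err
	} else if !filepath.IsLocal(rel) {
		return fmt.Errorf("symlink %s isn't in %s", hdr.Linkname, top)
	}
	// … unchanged: os.Symlink call and its error check …
```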