From: arai
Date: Fri, 7 May 2004 22:16:10 +0000 (+0000)
Subject: * src/lhext.c (extract_one, is_directory_traversal): applied a
X-Git-Url: http://git.osdn.net/view?p=lha%2Flha.git;a=commitdiff_plain;h=94ae08dd64139fd226ab9400a4879d61dd9092bc

* src/lhext.c (extract_one, is_directory_traversal): applied a security patch (CAN-2004-0235: directory traversal problems)

git-svn-id: svn+ssh://svn.sourceforge.jp/svnroot/lha/lha/trunk@783 6a8cc165-1e22-0410-a132-eb4e3f353aba
---

diff --git a/src/lhext.c b/src/lhext.c
index 15f2653..3fdbd65 100644
--- a/src/lhext.c
+++ b/src/lhext.c
@@ -225,8 +225,14 @@ extract_one(afp, hdr)
 q = (char *) strrchr(hdr->name, '/') + 1;
 }
 else {
+ if (is_directory_traversal(q)) {
+ fprintf(stderr, "Possible directory traversal hack attempt in %s\n", q);
+ exit(111);
+ }
+
 if (*q == '/') {
- q++;
+ while (*q == '/') { q++; }
+
 /*
 * if OSK then strip device name
 */
@@ -479,6 +485,33 @@ cmd_extract()
 return;
 }
 
+int
+is_directory_traversal(char *string)
+{
+ unsigned int type = 0; /* 0 = new, 1 = only dots, 2 = other chars than dots */
+ char *temp;
+
+ temp = string;
+
+ while (*temp != 0) {
+ if (temp[0] == '/') {
+ if (type == 1) { return 1; }
+ type = 0;
+ temp++;
+ continue;
+ }
+
+ if ((temp[0] == '.') && (type < 2))
+ type = 1;
+ if (temp[0] != '.')
+ type = 2;
+
+ temp++;
+ } /* while */
+
+ return (type == 1);
+}
+
 /*
 * restore directory information (time stamp).
 * added by A.Iriyama 2003.12.12
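Review bot: In the `extract_one` hunk (`@@ -225,8 +225,14 @@`) the new `is_directory_traversal(q)` call sits only inside the `else` branch, so the branch above it, which sets `q` from `strrchr(hdr->name, '/') + 1`, is never validated; a stored name ending in `/..` would leave `q` as `..` there. Moving the check to just after the if/else would cover both paths; the condition of that `if` and the rest of the function are outside the hunk, so the impact on the unchecked path cannot be judged from here. `q` is archive-supplied and is printed to stderr verbatim, so control characters in a stored name reach the terminal, and `exit(111)` is a bare magic status that ends the whole run mid-archive; it deserves a named constant or a comment such as `/* 111: refused unsafe path in archive */`.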
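Review bot: `is_directory_traversal` (hunk `@@ -479,6 +485,33 @@`) has no comment stating its contract, and that contract is wider than the name suggests: any `/`-separated component made only of dots returns 1, so `.` and `...` are rejected along with `..`, and a stored name like `./file` makes the checked branch of `extract_one` exit. If that is intended, say so above the function, e.g. `/* Return 1 if any '/'-separated component of string consists only of dots (".", "..", "..."), else 0. */`. Only `/` is treated as a separator; whether names using another separator can reach this point is not visible here. The function is defined after its call site and the diff adds no prototype, so unless one exists in a header outside this diff the call relies on an implicit declaration; the parameter could also be `const char *` since the string is only read.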