merge

author: cinap_lenrek <cinap_lenrek@gmx.de> 2013-10-03 17:31:55 +0200
committer: cinap_lenrek <cinap_lenrek@gmx.de> 2013-10-03 17:31:55 +0200
commit: 60e3d2782b30019769bd250c15329108fab1cc5a (patch)
tree: e10fd6e65ed380caccabc8d08d4c79d055d1a211 /sys/src
parent: 225cc4af5c5be518460b204aaba7beb9e013d6a7 (diff)
parent: 7ad47f1083f6d62d1135fe49807b51380cc4d7cb (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/sys/src/cmd/tapefs/tarfs.c b/sys/src/cmd/tapefs/tarfs.c
index 96271a866..c58db4bbb 100644
--- a/sys/src/cmd/tapefs/tarfs.c
+++ b/sys/src/cmd/tapefs/tarfs.c
@@ -144,10 +144,12 @@ populate(char *name)
 		}
 		f.mode &= DMDIR | 0777;
 
-		/* make file name safe and canonical */
+		/* make file name safe, canonical and free of . and .. */
 		while (fname[0] == '/')		/* don't allow absolute paths */
 			++fname;
 		cleanname(fname);
+		while (strncmp(fname, "../", 3) == 0)
+			fname += 3;
 
 		/* reject links */
 		linkflg = hp->linkflag == LF_SYMLINK1 ||
author	cinap_lenrek <cinap_lenrek@gmx.de>	2013-10-03 17:31:55 +0200
committer	cinap_lenrek <cinap_lenrek@gmx.de>	2013-10-03 17:31:55 +0200
commit	60e3d2782b30019769bd250c15329108fab1cc5a (patch)
tree	e10fd6e65ed380caccabc8d08d4c79d055d1a211 /sys/src
parent	225cc4af5c5be518460b204aaba7beb9e013d6a7 (diff)
parent	7ad47f1083f6d62d1135fe49807b51380cc4d7cb (diff)