From 87a069c887267ff375c35fdbe5d95fbe71ff0579 Mon Sep 17 00:00:00 2001 From: glx22 Date: Mon, 22 Jun 2020 14:21:11 +0200 Subject: Fix #8230: Resolve ".." when opening files in .tar (#8231) --- src/fileio.cpp | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) (limited to 'src') diff --git a/src/fileio.cpp b/src/fileio.cpp index f17a0ffc0..7340fa172 100644 --- a/src/fileio.cpp +++ b/src/fileio.cpp @@ -25,6 +25,7 @@ #endif #include #include +#include #ifdef WITH_XDG_BASEDIR #include @@ -481,6 +482,28 @@ FILE *FioFOpenFile(const char *filename, const char *mode, Subdirectory subdir, strecpy(resolved_name, filename, lastof(resolved_name)); strtolower(resolved_name); + /* Resolve ".." */ + std::istringstream ss(resolved_name); + std::vector tokens; + std::string token; + while (std::getline(ss, token, PATHSEPCHAR)) { + if (token == "..") { + if (tokens.size() < 2) return nullptr; + tokens.pop_back(); + } else { + tokens.push_back(token); + } + } + resolved_name[0] = '\0'; + bool first = true; + for (const std::string &token : tokens) { + if (!first) { + strecat(resolved_name, PATHSEP, lastof(resolved_name)); + } + strecat(resolved_name, token.c_str(), lastof(resolved_name)); + first = false; + } + size_t resolved_len = strlen(resolved_name); /* Resolve ONE directory link */ -- cgit v1.2.3-70-g09d2