Skip to content

Comments

fix: do not create directories outside#24

Merged
dignifiedquire merged 2 commits intomasterfrom
fix-outside-dir
Aug 24, 2021
Merged

fix: do not create directories outside#24
dignifiedquire merged 2 commits intomasterfrom
fix-outside-dir

Conversation

@dignifiedquire
Copy link
Owner

@dignifiedquire dignifiedquire commented Aug 23, 2021

ports alexcrichton/tar-rs#259

Closes #23

TODO: fix now failing test

@dignifiedquire dignifiedquire merged commit 9e61431 into master Aug 24, 2021
@dignifiedquire dignifiedquire deleted the fix-outside-dir branch August 24, 2021 08:55
This was referenced Feb 2, 2025
Open
Merged
charliermarsh added a commit to astral-sh/tokio-tar that referenced this pull request Feb 2, 2025
@charliermarsh
Avoid creating directories outside of target (#2)
aa70685 
## Summary

This is a port of alexcrichton/tar-rs#259 which was later ported to `async-tar` in dignifiedquire/async-tar#24. The goal is to avoid allowing archives to create directories outside of the target path by deferring the creation of directories.

## Test Plan

`cargo test`
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

async-tar may be exposed to RUSTSEC-2021-0080: Links in archive can create arbitrary directories

1 participant

@dignifiedquire