busybox/archival
Denys Vlasenko a84db18fc7 tar,unzip: postpone creation of symlinks with "suspicious" targets
This mostly reverts commit bc9bbeb2b8
"libarchive: do not extract unsafe symlinks unless $EXTRACT_UNSAFE_SYMLINKS=1"

Users report that it is somewhat too restrictive. See
https://bugs.busybox.net/show_bug.cgi?id=8411

In particular, this interferes with unpacking of busybox-based
filesystems with links like "sbin/applet" -> "../bin/busybox".

The change is made smaller by deleting ARCHIVE_EXTRACT_QUIET flag -
it is unused since 2010, and removing conditionals on it
allows commonalizing some error message codes.

function                                             old     new   delta
create_or_remember_symlink                             -      94     +94
create_symlinks_from_list                              -      64     +64
tar_main                                            1002    1006      +4
unzip_main                                          2732    2724      -8
data_extract_all                                     984     891     -93
unsafe_symlink_target                                147       -    -147
------------------------------------------------------------------------------
(add/remove: 2/1 grow/shrink: 1/2 up/down: 162/-248)          Total: -86 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-02-20 16:06:53 +01:00
..
libarchive tar,unzip: postpone creation of symlinks with "suspicious" targets 2018-02-20 16:06:53 +01:00
ar.c regularize format of source file headers, no code changes 2017-09-18 16:28:43 +02:00
bbunzip_test2.sh add tests for gunzip 2007-10-05 15:27:03 +00:00
bbunzip_test3.sh add tests for gunzip 2007-10-05 15:27:03 +00:00
bbunzip_test.sh add tests for gunzip 2007-10-05 15:27:03 +00:00
bbunzip.c libarchive: move bbunpack constants to bb_archive.h 2018-02-01 09:13:14 +01:00
bzip2.c bzip2: expose tuning knob for faster/smaller code 2018-02-07 01:33:25 +01:00
Config.src config: deindent all help texts 2017-07-21 09:50:55 +02:00
cpio.c regularize format of source file headers, no code changes 2017-09-18 16:28:43 +02:00
dpkg_deb.c regularize format of source file headers, no code changes 2017-09-18 16:28:43 +02:00
dpkg.c regularize format of source file headers, no code changes 2017-09-18 16:28:43 +02:00
gzip.c libbb: commonalize a bit of little-endian CRC32 table generation code 2018-02-01 10:56:19 +01:00
Kbuild.src cpio: implement -R/--owner 2015-10-16 17:24:46 +02:00
lzop.c libbb: commonalize a bit of little-endian CRC32 table generation code 2018-02-01 10:56:19 +01:00
rpm.c rpm,rpm2cpio: do not compile not-configurred parts of rpm.c 2017-08-22 15:33:04 +02:00
rpm.h *: make GNU licensing statement forms more regular 2010-08-16 20:14:46 +02:00
tar_symlink_attack tar: postpone creation of symlinks with "suspicious" targets. Closes 8411 2017-07-24 17:20:13 +02:00
tar.c tar,unzip: postpone creation of symlinks with "suspicious" targets 2018-02-20 16:06:53 +01:00
unzip.c tar,unzip: postpone creation of symlinks with "suspicious" targets 2018-02-20 16:06:53 +01:00