archive/tar, archive/zip: return ErrInsecurePath for unsafe paths - go - Fork of Go programming language with my patches.

diff options

author	Damien Neil <dneil@google.com>	2022-09-22 16:22:04 -0700
committer	Gopher Robot <gobot@golang.org>	2022-11-16 23:36:48 +0000
commit	a2d8157a7ecc8c7a91c93182ae4778aef505677e (patch)
tree	4ccbb99c63cf2f446b10f3b7f337e8355f2b17c4 /src/path
parent	6d0bf438e302afcb0db5422ea2da59d1995e08c1 (diff)
download	go-a2d8157a7ecc8c7a91c93182ae4778aef505677e.tar.xz

archive/tar, archive/zip: return ErrInsecurePath for unsafe paths

Return a distinguishable error when reading an archive file with a path that is: - absolute - escapes the current directory (../a) - on Windows, a reserved name such as NUL Users may ignore this error and proceed if they do not need name sanitization or intend to perform it themselves. Fixes #25849 Fixes #55356 Change-Id: Ieefa163f00384bc285ab329ea21a6561d39d8096 Reviewed-on: https://go-review.googlesource.com/c/go/+/449937 Reviewed-by: Joseph Tsai <joetsai@digital-static.net> TryBot-Result: Gopher Robot <gobot@golang.org> Run-TryBot: Damien Neil <dneil@google.com> Auto-Submit: Damien Neil <dneil@google.com> Reviewed-by: Ian Lance Taylor <iant@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org>

Diffstat (limited to 'src/path')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: