Commit 8109c368 authored by Ondrej Holy's avatar Ondrej Holy
Browse files

extractor: Do not allow symlink in parents

Currently, it is still possible that some files are extracted outside of
the destination dir in case of malicious archives. The checks from commit
adb067e6 can be still bypassed in certain cases. See file-roller#108
for more details. After some investigation, I am convinced that it would be
best to	simply disallow symlinks in parents. For example, `tar` fails to
extract such files with the `ENOTDIR` error. Let's do the same here.

Fixes: #12
parent c678fcd2
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment