Fix #8230: Resolve ".." when opening files in .tar (#8231)

4 years ago · 87a069c887
parent e6f3e15c32
commit 87a069c887
1 changed files with 23 additions and 0 deletions
--- a/src/fileio.cpp
+++ b/src/fileio.cpp
@ -25,6 +25,7 @@
 #endif
 #include <sys/stat.h>
 #include <algorithm>
+#include <sstream>

 #ifdef WITH_XDG_BASEDIR
 #include <basedir.h>
@ -481,6 +482,28 @@ FILE *FioFOpenFile(const char *filename, const char *mode, Subdirectory subdir,
 		strecpy(resolved_name, filename, lastof(resolved_name));
 		strtolower(resolved_name);

+		/* Resolve ".." */
+		std::istringstream ss(resolved_name);
+		std::vector<std::string> tokens;
+		std::string token;
+		while (std::getline(ss, token, PATHSEPCHAR)) {
+			if (token == "..") {
+				if (tokens.size() < 2) return nullptr;
+				tokens.pop_back();
+			} else {
+				tokens.push_back(token);
+			}
+		}
+		resolved_name[0] = '\0';
+		bool first = true;
+		for (const std::string &token : tokens) {
+			if (!first) {
+				strecat(resolved_name, PATHSEP, lastof(resolved_name));
+			}
+			strecat(resolved_name, token.c_str(), lastof(resolved_name));
+			first = false;
+		}
+
 		size_t resolved_len = strlen(resolved_name);

 		/* Resolve ONE directory link */