Chris Smowton 1a2c209259
Add query checking for unpacking of symlinks without using EvalSymlinks to spot existing ones. ...
This is usually dangerous because (if the archive is untrusted) the intent is usually to permit within-archive symlinks, e.g. dest/a/parent -> .. -> dest/a is an acceptable link to unpack. However if EvalSymlinks is not used to take already-unpacked symlinks into account, it becomes possible to sneak tricks like dest/escapes -> dest/a/parent/.. through, which create links leading out of the archive for later abuse.
2020-11-16 09:57:26 +00:00
2019-11-25 15:48:58 +00:00
2020-04-17 13:19:11 +01:00
2020-08-26 07:20:24 +01:00
2020-05-01 07:57:13 +01:00
2020-05-01 07:57:13 +01:00
2020-05-05 12:05:09 +01:00
2020-05-05 03:25:08 -07:00
2020-05-07 11:46:31 +01:00
2020-05-13 04:31:23 -07:00
2020-05-12 05:44:19 -07:00
2020-05-13 15:55:52 +01:00
2020-05-19 06:31:47 +01:00
2020-05-20 10:10:28 +01:00
2020-08-26 07:21:05 +01:00
2020-05-22 11:11:58 +01:00
2020-05-29 15:03:05 +01:00
2020-10-14 09:42:12 -07:00
2020-06-24 23:29:55 -07:00
2020-06-16 15:48:39 +01:00
2020-06-17 00:28:03 -07:00
2020-06-22 09:22:47 +01:00
2020-06-19 08:16:09 +01:00
2020-08-26 07:46:56 +01:00
2020-07-02 12:03:43 +01:00
2020-06-25 22:23:49 +01:00
2020-08-26 07:58:19 +01:00
2020-06-26 11:20:45 +01:00
2020-08-26 10:54:18 +01:00
2020-07-06 17:02:26 +01:00
2020-07-09 13:06:31 +01:00
2020-07-28 11:55:58 +01:00
2020-07-29 14:43:47 +01:00
2020-08-20 11:45:29 +01:00
2020-08-10 11:04:25 +01:00
2020-08-11 10:48:03 +01:00
2020-09-02 15:05:22 +01:00
2020-08-25 10:29:42 +01:00
2020-09-08 16:32:12 +01:00
2020-09-10 17:29:06 +01:00
2020-09-10 16:52:06 +01:00
2020-09-16 09:14:23 +01:00
2020-09-21 17:35:40 +01:00
2020-09-23 15:07:22 +01:00
2020-09-24 12:41:14 +02:00
2020-10-14 09:25:39 -07:00
2020-10-06 14:42:59 +01:00
2020-10-12 12:27:19 +01:00
2020-11-06 11:04:53 +00:00
2020-10-14 13:32:26 +01:00
2020-10-16 10:56:27 +01:00
2020-10-20 10:00:05 +01:00
2020-11-16 09:57:26 +00:00
2020-11-09 10:10:47 -08:00
1a2c209259