vbatts/pkg
1
0
Fork 0
Code Pull requests Releases Activity

archive: prevent breakout in Untar

Browse source 
Signed-off-by: Tibor Vass <teabee89@gmail.com>
This commit is contained in:
Tibor Vass 2014-10-20 15:36:28 -04:00 committed by unclejack
parent 1752a203af
commit aa62eca940
2 changed files with 24 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
symlink/fs.go
View file

@ -10,6 +10,8 @@ import (
const maxLoopCounter = 100
type ErrBreakout error
// FollowSymlink will follow an existing link and scope it to the root
// path provided.
// The role of this function is to return an absolute path in the root
@ -34,7 +36,7 @@ func FollowSymlinkInScope(link, root string) (string, error) {
}
if !strings.HasPrefix(filepath.Dir(link), root) {
return "", fmt.Errorf("%s is not within %s", link, root)
return "", ErrBreakout(fmt.Errorf("%s is not within %s", link, root))
}
prev := "/"