From bb7fd0c1abe5459aeccf95009b9f365f80ab6c74 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Wed, 15 Jan 2014 11:33:55 -0600 Subject: [PATCH 1/1] unix_apply.c: Use O_NOFOLLOW when opening files If the destination directory contained a symbolic link and wimlib attempted to extract a regular file to the same location, it would write the file to the target of the symbolic link, which could point to an arbitrary location. Fix this by passing O_NOFOLLOW to open(). --- src/unix_apply.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/unix_apply.c b/src/unix_apply.c index 21a804a5..8d549f60 100644 --- a/src/unix_apply.c +++ b/src/unix_apply.c @@ -44,6 +44,10 @@ # include #endif +#ifndef O_NOFOLLOW +# define O_NOFOLLOW 0 +#endif + static int unix_start_extract(const char *target, struct apply_ctx *ctx) { @@ -56,7 +60,7 @@ unix_start_extract(const char *target, struct apply_ctx *ctx) static int unix_create_file(const char *path, struct apply_ctx *ctx, u64 *cookie_ret) { - int fd = open(path, O_TRUNC | O_CREAT | O_WRONLY, 0644); + int fd = open(path, O_TRUNC | O_CREAT | O_WRONLY | O_NOFOLLOW, 0644); if (fd < 0) return WIMLIB_ERR_OPEN; close(fd); @@ -118,7 +122,7 @@ unix_extract_unnamed_stream(file_spec_t file, int raw_fd; int ret; - raw_fd = open(path, O_WRONLY | O_TRUNC); + raw_fd = open(path, O_WRONLY | O_TRUNC | O_NOFOLLOW); if (raw_fd < 0) return WIMLIB_ERR_OPEN; filedes_init(&fd, raw_fd); -- 2.43.0