Forbid extracting files with absolute path from 'cpio' archives (boo#1122683)

Also fix and modernize the code, add tests.
2025-09-08 14:08:42 +02:00 · 2024-05-30 11:12:09 +02:00
parent d61b781976
commit 5cbd110a84
4 changed files with 97 additions and 4 deletions
--- a/tests/fixtures/README
+++ b/tests/fixtures/README
@@ -26,3 +26,10 @@ Create archive.ar
 ar qP archive.ar /tmp/foo /123 very-long-long-long-long-name very-long-long-long-long-name2 'very-long-name
 -with-newline' 'a
 b' dir/file
+
+
+Create archive.cpio
+-------------------
+
+printf "/tmp/foo\0/123\0very-long-long-long-long-name\0very-long-long-long-long-name2\0very-long-name
+-with-newline\0a\nb\0dir/file\0" | cpio -ocv0 --owner=root:root > archive.cpio
--- a/tests/fixtures/archive.cpio
+++ b/tests/fixtures/archive.cpio