mirrors/busybox
3
0
Fork 0
mirror of https://git.busybox.net/busybox synced 2025-12-22 19:20:29 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
busybox/scripts/kconfig/lxdialog
History
Exact
Denys Vlasenko 9a8796436b archival: disallow path traversals (CVE-2023-39810) 
Create new configure option for archival/libarchive based extractions to
disallow path traversals.
As this is a paranoid option and might introduce backward
incompatibility, default it to no.

Fixes: CVE-2023-39810

Based on the patch by Peter Kaestle <peter.kaestle@nokia.com>

function                                             old     new   delta
data_extract_all                                     921     945     +24
strip_unsafe_prefix                                  101     102      +1
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/0 up/down: 25/0)               Total: 25 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2025-04-16 03:03:17 +02:00
..
.gitignore add .gitignore files 2009-05-05 09:05:30 -04:00
BIG.FAT.WARNING Remove 'busybox' word from configuration programs 2008-05-28 11:59:32 +00:00
check-lxdialog.sh archival: disallow path traversals (CVE-2023-39810) 2025-04-16 03:03:17 +02:00
checklist.c
colors.h
dialog.h
inputbox.c
lxdialog.c build system: fix compiler warnings 2019-01-06 20:12:16 +01:00
Makefile - forgot to pass in the HOST_EXTRACFLAGS 2008-08-28 14:29:54 +00:00
menubox.c whitespace fixes (leading spaces to tab) 2007-01-13 21:06:21 +00:00
msgbox.c
textbox.c get rid of several "variable 'x' set but not used" warnings 2011-05-01 14:43:53 +02:00
util.c dont use obsolete function index() as pointed out by src.obsolete.funcs 2007-03-17 06:29:05 +00:00
yesno.c