src/pxar/sequential_decoder.rs: Also check for nul bytes when reading the filename
Check if the filename does not contain invalid nul byes when reading it from the archive. Signed-off-by: Christian Ebner <c.ebner@proxmox.com>
This commit is contained in:
parent
4204e53560
commit
894cd49ac4
@ -129,8 +129,8 @@ impl <'a, R: Read, F: Fn(&Path) -> Result<(), Error>> SequentialDecoder<'a, R, F
|
||||
bail!("found invalid filename '.' or '..'.");
|
||||
}
|
||||
|
||||
if buffer.iter().find(|b| (**b == b'/')).is_some() {
|
||||
bail!("found invalid filename with slashes.");
|
||||
if buffer.iter().find(|b| (**b == b'/' || **b == b'\0')).is_some() {
|
||||
bail!("found invalid filename with slashes or nul bytes.");
|
||||
}
|
||||
|
||||
let name = std::ffi::OsString::from_vec(buffer);
|
||||
|
Loading…
Reference in New Issue
Block a user