Do an explicit "is filename sane" check

Until now, filenames containing '/' or being equal to '..' or '.' where
not handled explicitly, because they are canonicalized later, which
will then fail.

This commit adds an explicit check to make those fail immediately with
a clear, specific error message.

Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>

1 files changed, 9 insertions, 0 deletions

diff --git a/unpack/restore_fstree.c b/unpack/restore_fstree.c
index 1dadce4..6995d47 100644
--- a/unpack/restore_fstree.c
+++ b/unpack/restore_fstree.c
@@ -12,6 +12,12 @@ static int create_node(const sqfs_tree_node_t *n, int flags)
 	int fd, ret;
 	char *name;
 
+	if (!is_filename_sane((const char *)n->name)) {
+		fprintf(stderr, "Found an entry named '%s', skipping.\n",
+			n->name);
+		return 0;
+	}
+
 	if (!(flags & UNPACK_QUIET)) {
 		name = sqfs_tree_node_get_path(n);
 		if (name != NULL) {
@@ -154,6 +160,9 @@ static int set_attribs(sqfs_xattr_reader_t *xattr,
 {
 	const sqfs_tree_node_t *c;
 
+	if (!is_filename_sane((const char *)n->name))
+		return 0;
+
 	if (S_ISDIR(n->inode->base.mode)) {
 		if (pushd((const char *)n->name))
 			return -1;