From f6a7d366f8391e6cb3036b3616b1995fe163d717 Mon Sep 17 00:00:00 2001 From: Eugene Rudoy Date: Mon, 6 Nov 2017 21:42:43 +0100 Subject: [PATCH 1/3] unzip: fix content listing and filtering when -j is used Original Info-ZIP's unzip uses unstripped filenames while doing content listing and filtering, i.e. - in content listing mode -j is ignored completely - filtering is applied to non-stripped names, -j takes effect first while extracting the files 997ad2c64abbe931dffa3598b015c5de04e515cf strips path components a little bit too early resulting in behavior deviations. Fix it by doing stripping after listing/filtering. p.s. Info-ZIP's unzip behavior is the same as that of tar in --strip-components=NUM mode Signed-off-by: Eugene Rudoy --- archival/unzip.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git archival/unzip.c archival/unzip.c index 604166063..83bd00c4e 100644 --- archival/unzip.c +++ archival/unzip.c @@ -799,13 +799,6 @@ /* Guard against "/abspath", "/../" and similar attacks */ overlapping_strcpy(dst_fn, strip_unsafe_prefix(dst_fn)); - if (opts & OPT_j) /* Strip paths? */ - overlapping_strcpy(dst_fn, bb_basename(dst_fn)); - - /* Did this strip everything ("DIR/" case)? Then skip */ - if (!dst_fn[0]) - goto skip_cmpsize; - /* Filter zip entries */ if (find_list_entry(zreject, dst_fn) || (zaccept && !find_list_entry(zaccept, dst_fn)) @@ -870,6 +863,14 @@ /* Extracting to STDOUT */ goto do_extract; } + + if (opts & OPT_j) /* Strip paths? */ + overlapping_strcpy(dst_fn, bb_basename(dst_fn)); + + /* Did this strip everything ("DIR/" case)? Then skip */ + if (!dst_fn[0]) + goto skip_cmpsize; + if (last_char_is(dst_fn, '/')) { int mode;