Skip to content

Commit

Permalink
security fix: check file name if used with ar
Browse files Browse the repository at this point in the history
  • Loading branch information
wofr06 committed Nov 10, 2024
1 parent 4a9699e commit 07a1aac
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 0 deletions.
1 change: 1 addition & 0 deletions ChangeLog
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
****************************************************************************
# ChangeLog for lesspipe.sh #
****************************************************************************
- security fix: check file name if used with ar
- add --ansi to mdcat (fixes #48)
- improved recognition of appimage files
Version 2.15 Oct 03 2024
Expand Down
10 changes: 10 additions & 0 deletions lesspipe.sh
Original file line number Diff line number Diff line change
Expand Up @@ -369,6 +369,11 @@ get_unpack_cmd () {
{ has_cmd 7za && prog=7za; } ;;
esac
fi
if [[ "$prog" = ar && "$2" = *@* ]]; then
t=$(nexttmp)
cat "$2" > "$t"
set "$2" "$t"
fi
[[ -n $prog ]] && cmd=(isarchive "$prog" "$2" "$file2")
if [[ -n ${cmd[*]} ]]; then
[[ -n "$file2" ]] && file2= && return
Expand Down Expand Up @@ -747,6 +752,11 @@ isdeb () {
bsdtar xOf "$1" "$data" | bsdtar xOf - "$2"
fi
else
if [[ "$1" = *@* ]]; then
t=$(nexttmp)
cat "$1" > "$t"
set "$1" "$t"
fi
data=$(ar t "$1"|grep data)
ft=$(ar p "$1" "$data" | filetype -)
get_unpack_cmd "$ft" -
Expand Down

0 comments on commit 07a1aac

Please sign in to comment.