[issue21109] tarfile: Traversal attack vulnerability
shashank
report at bugs.python.org
Fri Sep 14 03:21:54 EDT 2018
shashank <shanx.shashank at gmail.com> added the comment:
Figured a fix for the bug I found, trick was to keep track of current working dir of symlink it was trying to evaluate.
Attached patch: safetarfile-3.diff
Patch is for code only.
I'd like to see this go thorough, and would appreciate feedback.
----------
Added file: https://bugs.python.org/file47803/safetarfile-3.diff
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue21109>
_______________________________________
More information about the Python-bugs-list
mailing list