Denys Vlasenko
|
3fb6b31c71
|
tar: strip unsafe hardlink components - GNU tar does the same
Defends against files like these (python reproducer):
import tarfile
ti = tarfile.TarInfo("leak_hosts")
ti.type = tarfile.LNKTYPE
ti.linkname = "/etc/hosts" # or "../etc/hosts" or ".."
ti.size = 0
with tarfile.open("/tmp/hardlink.tar", "w") as t:
    t.addfile(ti)
function                         old     new   delta
skip_unsafe_prefix                 -     127    +127
get_header_tar                  1752    1754      +2
.rodata                       106861  106856      -5
unzip_main                      2715    2706      -9
strip_unsafe_prefix              102      18     -84
------------------------------------------------------------------------------
(add/remove: 1/0 grow/shrink: 1/3 up/down: 129/-98) Total: 31 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
2026-01-29 12:01:56 +01:00 |
|
Denys Vlasenko
|
28e4d2b854
|
httpd: optimize example CGIs
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
2026-01-26 07:21:11 +01:00 |
|
Denys Vlasenko
|
01ea35e81d
|
httpd: simplify CGI code a bit, add a bunch of TODOs and FIXMEs
function                         old     new   delta
log_and_exit                      33      25      -8
handle_incoming_and_exit        2298    2290      -8
send_cgi_and_exit                784     770     -14
cgi_io_loop_and_exit             538     477     -61
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 0/4 up/down: 0/-91) Total: -91 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
2026-01-23 02:18:30 +01:00 |
|
Denys Vlasenko
|
58b46b7d67
|
networking/httpd_ratelimit_cgi.c: new example CGI handler
   text    data     bss     dec     hex filename
   4003      40     352    4395    112b httpd_ratelimit_cgi
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
2026-01-21 18:47:56 +01:00 |
|
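For the tar hardlink commit (3fb6b31c71) listed above: an added example, not BusyBox code and not part of the commit, that audits an archive before extraction and reports hardlink members whose target is absolute or contains a `..` component. The function names and the exact rule are assumptions made for illustration; the sample archive is constructed in memory and mirrors the link targets named in the commit message.

```python
import io
import tarfile


def unsafe_link_reason(linkname):
    """Return why a hardlink target is unsafe, or None if it stays in the tree."""
    if linkname.startswith("/"):
        return "absolute path"
    if ".." in linkname.split("/"):
        return "contains '..' component"
    return None


def audit_hardlinks(fileobj):
    """Return (member name, linkname, reason) for each unsafe hardlink member."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:") as archive:
        for member in archive:
            if not member.islnk():      # only LNKTYPE entries, as in the commit
                continue
            reason = unsafe_link_reason(member.linkname)
            if reason:
                findings.append((member.name, member.linkname, reason))
    return findings


def build_sample(linknames):
    """Constructed input: one zero-size hardlink member per given linkname."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as archive:
        for index, linkname in enumerate(linknames):
            info = tarfile.TarInfo(f"member{index}")
            info.type = tarfile.LNKTYPE
            info.linkname = linkname
            info.size = 0
            archive.addfile(info)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    sample = build_sample(["/etc/hosts", "../etc/hosts", "..", "docs/readme.txt"])
    for name, target, reason in audit_hardlinks(sample):
        print(f"{name}: hardlink to {target!r} rejected ({reason})")
```

Symlink members are outside the scope of this check, which covers hardlink entries only.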