busybox/include
Denys Vlasenko 3fb6b31c71 tar: strip unsafe hardlink components - GNU tar does the same
Defends against files like these (python reproducer):

import tarfile
ti = tarfile.TarInfo("leak_hosts")
ti.type = tarfile.LNKTYPE
ti.linkname = "/etc/hosts"  # or "../etc/hosts" or ".."
ti.size = 0
with tarfile.open("/tmp/hardlink.tar", "w") as t:
	t.addfile(ti)

function                                             old     new   delta
skip_unsafe_prefix                                     -     127    +127
get_header_tar                                      1752    1754      +2
.rodata                                           106861  106856      -5
unzip_main                                          2715    2706      -9
strip_unsafe_prefix                                  102      18     -84
------------------------------------------------------------------------------
(add/remove: 1/0 grow/shrink: 1/3 up/down: 129/-98)            Total: 31 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2026-01-29 12:01:56 +01:00
..
.gitignore
applet_metadata.h
applets.h.sh
applets.src.h
ar_.h archival: avoid std namespace for local includes 2020-11-16 13:24:24 +01:00
bb_archive.h tar: strip unsafe hardlink components - GNU tar does the same 2026-01-29 12:01:56 +01:00
bb_e2fs_defs.h lsattr: support more ext2 flags 2021-06-20 12:34:05 +02:00
busybox.h
dump.h libbb/dump: make xxd_displayoff member conditional on xxd 2023-05-27 14:52:17 +02:00
fix_u32.h
grp_.h
inet_common.h
libbb.h httpd: code shrink via "split-globals" trick 2026-01-24 05:22:33 +01:00
liblzo_interface.h
platform.h httpd: simplify CGI headers handling, check "HTTP/1.1" prefix, not just "HTTP" 2026-01-23 10:14:04 +01:00
pwd_.h
rtc_.h hwclock: add get/set parameters option 2023-07-12 16:27:49 +02:00
shadow_.h
unicode.h
usage.src.h password applets: update help text 2025-07-18 07:28:32 +02:00
volume_id.h
xatonum.h
xregex.h