diff options
author | Björn Gustavsson <[email protected]> | 2017-04-07 13:07:48 +0200 |
---|---|---|
committer | Björn Gustavsson <[email protected]> | 2017-04-13 12:39:29 +0200 |
commit | 05f20a9790fa88011c1ce7099e0a660aa83195a9 (patch) | |
tree | a3609717bad1ca86db18aa722b95cb04ef15f80b /lib/stdlib/doc/src | |
parent | 74cf5ae0d850cf38fab24edf2c3f26b860b080ed (diff) | |
download | otp-05f20a9790fa88011c1ce7099e0a660aa83195a9.tar.gz otp-05f20a9790fa88011c1ce7099e0a660aa83195a9.tar.bz2 otp-05f20a9790fa88011c1ce7099e0a660aa83195a9.zip |
erl_tar: Handle leading slashes and directory traversal attacks
Diffstat (limited to 'lib/stdlib/doc/src')
-rw-r--r-- | lib/stdlib/doc/src/erl_tar.xml | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/stdlib/doc/src/erl_tar.xml b/lib/stdlib/doc/src/erl_tar.xml index f28d8b425b..fab7c832d5 100644 --- a/lib/stdlib/doc/src/erl_tar.xml +++ b/lib/stdlib/doc/src/erl_tar.xml @@ -292,6 +292,10 @@ <c>Fd</c> is assumed to be a file descriptor returned from function <c>file:open/2</c>.</p> <p>Otherwise, <c>Name</c> is to be a filename.</p> + <note><p>Leading slashes in tar member names will be removed before + writing the file. That is, absolute paths will be turned into + relative paths. There will be an info message written to the error + logger when paths are changed in this way.</p></note> </desc> </func> |