Merge branch 'bjorn/stdlib/erl_tar/OTP-14278'

* bjorn/stdlib/erl_tar/OTP-14278: erl_tar: Handle leading slashes and directory traversal attacks Don't create absolute path names in tar files
author: Björn Gustavsson <[email protected]> 2017-04-19 11:43:29 +0200
committer: Björn Gustavsson <[email protected]> 2017-04-19 11:43:29 +0200
commit: b5b5a7f7469bd041959d4b48e4eeff49faa7f377 (patch)
tree: a607300c1cbc2c7ea66eaf6e96494b1e0467d149 /lib/stdlib/doc
parent: 6124bfc9b61227a5e82f1d7273d0895e909aac6e (diff)
parent: 05f20a9790fa88011c1ce7099e0a660aa83195a9 (diff)
download: otp-b5b5a7f7469bd041959d4b48e4eeff49faa7f377.tar.gz
otp-b5b5a7f7469bd041959d4b48e4eeff49faa7f377.tar.bz2
otp-b5b5a7f7469bd041959d4b48e4eeff49faa7f377.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/stdlib/doc/src/erl_tar.xml b/lib/stdlib/doc/src/erl_tar.xml
index f28d8b425b..fab7c832d5 100644
--- a/lib/stdlib/doc/src/erl_tar.xml
+++ b/lib/stdlib/doc/src/erl_tar.xml
@@ -292,6 +292,10 @@
           <c>Fd</c> is assumed to be a file descriptor returned from function
           <c>file:open/2</c>.</p>
         <p>Otherwise, <c>Name</c> is to be a filename.</p>
+	<note><p>Leading slashes in tar member names will be removed before
+	writing the file. That is, absolute paths will be turned into
+	relative paths. There will be an info message written to the error
+	logger when paths are changed in this way.</p></note>
       </desc>
     </func>
author	Björn Gustavsson <[email protected]>	2017-04-19 11:43:29 +0200
committer	Björn Gustavsson <[email protected]>	2017-04-19 11:43:29 +0200
commit	b5b5a7f7469bd041959d4b48e4eeff49faa7f377 (patch)
tree	a607300c1cbc2c7ea66eaf6e96494b1e0467d149 /lib/stdlib/doc
parent	6124bfc9b61227a5e82f1d7273d0895e909aac6e (diff)
parent	05f20a9790fa88011c1ce7099e0a660aa83195a9 (diff)
download	otp-b5b5a7f7469bd041959d4b48e4eeff49faa7f377.tar.gz otp-b5b5a7f7469bd041959d4b48e4eeff49faa7f377.tar.bz2 otp-b5b5a7f7469bd041959d4b48e4eeff49faa7f377.zip