author Björn Gustavsson <[email protected]> 2017-04-07 13:07:48 +0200
committer Björn Gustavsson <[email protected]> 2017-04-13 12:39:29 +0200
commit 05f20a9790fa88011c1ce7099e0a660aa83195a9
tree a3609717bad1ca86db18aa722b95cb04ef15f80b /lib/stdlib/doc
parent 74cf5ae0d850cf38fab24edf2c3f26b860b080ed
erl_tar: Handle leading slashes and directory traversal attacks
Diffstat (limited to 'lib/stdlib/doc')
-rw-r--r-- lib/stdlib/doc/src/erl_tar.xml 4
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/stdlib/doc/src/erl_tar.xml b/lib/stdlib/doc/src/erl_tar.xml
index f28d8b425b..fab7c832d5 100644
--- a/lib/stdlib/doc/src/erl_tar.xml
+++ b/lib/stdlib/doc/src/erl_tar.xml
@@ -292,6 +292,10 @@
<c>Fd</c> is assumed to be a file descriptor returned from function
<c>file:open/2</c>.</p>
<p>Otherwise, <c>Name</c> is to be a filename.</p>
+ <note><p>Leading slashes in tar member names will be removed before
+ writing the file. That is, absolute paths will be turned into
+ relative paths. There will be an info message written to the error
+ logger when paths are changed in this way.</p></note>
</desc>
</func>
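Review bot: The added <note> documents only the leading-slash case, but the commit subject also names directory traversal attacks. The note should also state what happens to member names that contain ".." components (whether extraction fails with an error, skips the member, or rewrites the path), because callers handling untrusted archives need to know which outcome to expect. It would also help to say that the info message identifies the affected member name, if it does, so operators can trace a rewritten path back to the archive entry. As a style point, the surrounding text uses present tense ("is assumed", "is to be"); "are removed", "are turned into" and "is written" would match it better than "will be".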