From 05f20a9790fa88011c1ce7099e0a660aa83195a9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Gustavsson?=
Date: Fri, 7 Apr 2017 13:07:48 +0200
Subject: erl_tar: Handle leading slashes and directory traversal attacks
---
lib/stdlib/doc/src/erl_tar.xml | 4 ++++
1 file changed, 4 insertions(+)
(limited to 'lib/stdlib/doc')
diff --git a/lib/stdlib/doc/src/erl_tar.xml b/lib/stdlib/doc/src/erl_tar.xml
index f28d8b425b..fab7c832d5 100644
--- a/lib/stdlib/doc/src/erl_tar.xml
+++ b/lib/stdlib/doc/src/erl_tar.xml
@@ -292,6 +292,10 @@
Fd is assumed to be a file descriptor returned from function
file:open/2.
Otherwise, Name is to be a filename.
+ Leading slashes in tar member names will be removed before
+ writing the file. That is, absolute paths will be turned into
+ relative paths. There will be an info message written to the error
+ logger when paths are changed in this way.
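Review bot: The added paragraph documents only the leading-slash case, while the subject line also names directory traversal attacks; nothing in these four lines says what happens to a member name that contains ".." components. Suggest adding a sentence stating that behaviour (for example whether such a member is rejected or skipped, and what the caller sees), so that users extracting untrusted archives know what to expect. The phrase "before writing the file" could also say explicitly that the resulting relative path is written under the extraction directory, and the note about the info message would be more useful if it said whether the message includes the original and the rewritten name.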
--
cgit v1.2.3