Rietveld Code Review Tool

#21109: tarfile: Traversal attack vulnerability

Created: 5 years, 4 months ago by danigm
Modified: 5 years, 3 months ago
Reviewers: vadmium+py
CC: Georg, jcea, lars.gustaebel, taleinat, christian.heimes, Benjamin Peterson, jwilk_jwilk.net, ned.deily, Arfrever, Martin Panter, storchaka, edulix_gmail.com, danigm_wadobo.com, psyker156_gmail.com, shanx.shashank_gmail.com, epicfaace, uhei3nn9_mailbox.org, websurfer_surf2c.net
Visibility: Public.

Patch Set 1

Patch Set 2

Total comments: 1
Doc/library/tarfile.rst: 6 chunks, +181 lines, -1 line, 0 comments
Lib/tarfile.py: 8 chunks, +150 lines, -4 lines, 1 comment

Messages

Total messages: 1
Martin Panter
5 years, 3 months ago #1
http://bugs.python.org/review/21109/diff/11771/Lib/tarfile.py
File Lib/tarfile.py (right):

http://bugs.python.org/review/21109/diff/11771/Lib/tarfile.py#newcode2517
Lib/tarfile.py:2517: if name.startswith("../"):
I think this won’t help on Windows:

>>> import ntpath
>>> ntpath.normpath("../blaua")
'..\\blaua'
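The point raised in the comment above, as an added example (not code from the patch under review): a literal "../" prefix test stops matching once the name has been normalised with Windows path rules, while a check that uses the path module's own separator still flags the member. The function names and sample member names are hypothetical, and `naive_check` assumes the name is normalised before the prefix test, which the comment implies but the quoted patch line alone does not show.

```python
import ntpath
import posixpath

# Constructed member names (not taken from the patch or any real archive).
SAMPLE_NAMES = ["../blaua", "a/../../b", "a/b/../c", "/abs/file", "C:/x", "..foo/bar"]


def naive_check(name, pathmod):
    """Hypothetical: normalise, then test the literal "../" prefix."""
    return pathmod.normpath(name).startswith("../")


def escapes_root(name, pathmod):
    """True if the normalised name is rooted, drive-qualified, or climbs
    above the extraction directory, using the platform's own separator."""
    norm = pathmod.normpath(name)
    drive, rest = pathmod.splitdrive(norm)
    if drive or rest.startswith(pathmod.sep):
        return True
    # After normpath, any remaining ".." components of a relative path lead it.
    return rest.split(pathmod.sep)[0] == pathmod.pardir


def compare(names=SAMPLE_NAMES):
    """Return {(platform, name): (naive, robust)} for both path flavours."""
    result = {}
    for label, pathmod in (("posix", posixpath), ("nt", ntpath)):
        for name in names:
            result[label, name] = (naive_check(name, pathmod),
                                   escapes_root(name, pathmod))
    return result


if __name__ == "__main__":
    for (label, name), (naive, robust) in compare().items():
        print(f"{label:5} {name!r:14} naive={naive!s:5} robust={robust}")
```

Both `ntpath` and `posixpath` are importable on any platform, so the Windows behaviour can be checked from a POSIX development machine.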
