Cypherpunks repositories - gostls13.git/commit
archive/tar, archive/zip: return ErrInsecurePath for unsafe paths
author Damien Neil <dneil@google.com>
Thu, 22 Sep 2022 23:22:04 +0000 (16:22 -0700)
committer Gopher Robot <gobot@golang.org>
Wed, 16 Nov 2022 23:36:48 +0000 (23:36 +0000)
commit a2d8157a7ecc8c7a91c93182ae4778aef505677e
tree 4ccbb99c63cf2f446b10f3b7f337e8355f2b17c4
parent 6d0bf438e302afcb0db5422ea2da59d1995e08c1
archive/tar, archive/zip: return ErrInsecurePath for unsafe paths

Return a distinguishable error when reading an archive file
with a path that is:

- absolute
- escapes the current directory (../a)
- on Windows, a reserved name such as NUL

Users may ignore this error and proceed if they do not need name
sanitization or intend to perform it themselves.

Fixes #25849
Fixes #55356

Change-Id: Ieefa163f00384bc285ab329ea21a6561d39d8096
Reviewed-on: https://go-review.googlesource.com/c/go/+/449937
Reviewed-by: Joseph Tsai <joetsai@digital-static.net>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Damien Neil <dneil@google.com>
Auto-Submit: Damien Neil <dneil@google.com>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
api/next/55356.txt [new file with mode: 0644]
doc/go1.20.html
src/archive/tar/common.go
src/archive/tar/reader.go
src/archive/tar/reader_test.go
src/archive/tar/writer_test.go
src/archive/zip/reader.go
src/archive/zip/reader_test.go
src/archive/zip/struct.go