summaryrefslogtreecommitdiff
path: root/src/database.c
diff options
context:
space:
mode:
authorTimo Teräs <timo.teras@iki.fi>2020-10-07 21:16:13 +0300
committerTimo Teräs <timo.teras@iki.fi>2020-10-07 21:16:35 +0300
commit5f66b618effe48b8a4ab295b067e379e49518346 (patch)
treee75fa4b1eddfc221628067e2d593f699ba4e1e44 /src/database.c
parent90137499afdecdbcd977805786263b6f883680e7 (diff)
downloadapk-tools-5f66b618effe48b8a4ab295b067e379e49518346.tar.gz
apk-tools-5f66b618effe48b8a4ab295b067e379e49518346.tar.bz2
apk-tools-5f66b618effe48b8a4ab295b067e379e49518346.tar.xz
apk-tools-5f66b618effe48b8a4ab295b067e379e49518346.zip
various changes to make clang not give warnings
Diffstat (limited to 'src/database.c')
-rw-r--r--src/database.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/src/database.c b/src/database.c
index 22004bc..bbf072e 100644
--- a/src/database.c
+++ b/src/database.c
@@ -2406,6 +2406,7 @@ static int apk_db_install_archive_entry(void *_ctx,
const struct apk_file_info *ae,
struct apk_istream *is)
{
+ static const char dot1[] = "/./", dot2[] = "/../";
struct install_ctx *ctx = (struct install_ctx *) _ctx;
struct apk_database *db = ctx->db;
struct apk_package *pkg = ctx->pkg, *opkg;
@@ -2448,10 +2449,9 @@ static int apk_db_install_archive_entry(void *_ctx,
/* Sanity check the file name */
if (ae->name[0] == '/' ||
- strncmp(ae->name, "/./"+1, 3) == 0 ||
- strncmp(ae->name, "/../"+1, 3) == 0 ||
- strstr(ae->name, "/./") ||
- strstr(ae->name, "/../")) {
+ strncmp(ae->name, &dot1[1], 2) == 0 ||
+ strncmp(ae->name, &dot2[1], 3) == 0 ||
+ strstr(ae->name, dot1) || strstr(ae->name, dot2)) {
apk_warning(PKG_VER_FMT": ignoring malicious file %s",
PKG_VER_PRINTF(pkg), ae->name);
ipkg->broken_files = 1;
generated by cgit v1.2.3-60-g2f50 (git 2.42.0) at 2024-06-29 08:09:38 +0000