mirror of
https://github.com/kovidgoyal/kitty.git
synced 2026-07-03 11:12:30 +08:00
More CodeQL fixes
This commit is contained in:
@@ -115,7 +115,7 @@ func ISO8601Parse(raw string) (time.Time, error) {
|
||||
text = text[:9]
|
||||
}
|
||||
if text != "" {
|
||||
if nsec, err = strconv.ParseInt(text, 10, 64); err != nil {
|
||||
if nsec, err = strconv.ParseInt(text, 10, 0); err != nil {
|
||||
return errf("timestamp does not have a valid nanosecond field")
|
||||
}
|
||||
for ; extra > 0; extra-- {
|
||||
|
||||
@@ -60,6 +60,16 @@ func ExtractAllFromTar(tr *tar.Reader, dest_path string, optss ...TarExtractOpti
|
||||
continue
|
||||
}
|
||||
dest = filepath.Join(dest_path, dest)
|
||||
if dest, err = filepath.EvalSymlinks(dest); err != nil {
|
||||
if os.IsNotExist(err) {
|
||||
err = nil
|
||||
} else {
|
||||
return count, err
|
||||
}
|
||||
}
|
||||
if !strings.HasPrefix(filepath.Clean(dest), filepath.Clean(dest_path)+string(os.PathSeparator)) {
|
||||
return count, fmt.Errorf("illegal path in tar archive: %s", hdr.Name)
|
||||
}
|
||||
switch hdr.Typeflag {
|
||||
case tar.TypeDir:
|
||||
err = os.MkdirAll(dest, 0o700)
|
||||
@@ -99,7 +109,15 @@ func ExtractAllFromTar(tr *tar.Reader, dest_path string, optss ...TarExtractOpti
|
||||
if err = os.MkdirAll(filepath.Dir(dest), 0o700); err != nil {
|
||||
return
|
||||
}
|
||||
if err = os.Symlink(hdr.Linkname, dest); err != nil {
|
||||
link_target := hdr.Linkname
|
||||
if !filepath.IsAbs(link_target) {
|
||||
link_target = filepath.Join(filepath.Dir(dest), link_target)
|
||||
}
|
||||
// Ensure the symlink target is within the destination directory
|
||||
if !strings.HasPrefix(filepath.Clean(link_target), filepath.Clean(dest_path)+string(os.PathSeparator)) {
|
||||
return count, fmt.Errorf("illegal symlink target: %s -> %s", hdr.Name, link_target)
|
||||
}
|
||||
if err = os.Symlink(link_target, dest); err != nil {
|
||||
return
|
||||
}
|
||||
if err = set_metadata(nil, hdr); err != nil {
|
||||
|
||||
Reference in New Issue
Block a user