File tree 1 file changed +6
-7
lines changed
1 file changed +6
-7
lines changed Original file line number Diff line number Diff line change @@ -273,13 +273,12 @@ fn verify_tarball(
273273 }
274274
275275 // Historical versions of the `tar` crate which Cargo uses internally
276- // don't properly prevent hard links from overwriting arbitrary files on
277- // the filesystem.
278- //
279- // As a bit of a hammer we reject any tarball with a hard link. Cargo
280- // doesn't currently ever generate a tarball with a hard link so this
281- // should work for now.
282- if entry. header ( ) . entry_type ( ) . is_hard_link ( ) {
276+ // don't properly prevent hard links and symlinks from overwriting
277+ // arbitrary files on the filesystem. As a bit of a hammer we reject any
278+ // tarball with these sorts of links. Cargo doesn't currently ever
279+ // generate a tarball with these file types so this should work for now.
280+ let entry_type = entry. header ( ) . entry_type ( ) ;
281+ if entry_type. is_hard_link ( ) || entry_type. is_symlink ( ) {
283282 return Err ( human ( "invalid tarball uploaded" ) ) ;
284283 }
285284 }
You can’t perform that action at this time.
0 commit comments