Merge pull request #1448 from alexcrichton/no-hard-links

ashleygwilliams · web-flow · commit b532fa8c5732 · 2018-06-29T18:16:35.000+02:00
Forbid tarballs with hard links being uploaded
diff --git a/src/uploaders.rs b/src/uploaders.rs
@@ -271,6 +271,17 @@ fn verify_tarball(
         if !entry.path()?.starts_with(&prefix) {
             return Err(human("invalid tarball uploaded"));
         }
+
+        // Historical versions of the `tar` crate which Cargo uses internally
+        // don't properly prevent hard links from overwriting arbitrary files on
+        // the filesystem.
+        //
+        // As a bit of a hammer we reject any tarball with a hard link. Cargo
+        // doesn't currently ever generate a tarball with a hard link so this
+        // should work for now.
+        if entry.header().entry_type().is_hard_link() {
+            return Err(human("invalid tarball uploaded"));
+        }
     }
     Ok(())
 }

Original file line number	Diff line number	Diff line change
`@@ -271,6 +271,17 @@ fn verify_tarball(`
`271`	`271`	`if !entry.path()?.starts_with(&prefix) {`
`272`	`272`	`return Err(human("invalid tarball uploaded"));`
`273`	`273`	`}`
	`274`	`+`
	`275`	+ // Historical versions of the `tar` crate which Cargo uses internally
	`276`	`+ // don't properly prevent hard links from overwriting arbitrary files on`
	`277`	`+ // the filesystem.`
	`278`	`+ //`
	`279`	`+ // As a bit of a hammer we reject any tarball with a hard link. Cargo`
	`280`	`+ // doesn't currently ever generate a tarball with a hard link so this`
	`281`	`+ // should work for now.`
	`282`	`+ if entry.header().entry_type().is_hard_link() {`
	`283`	`+ return Err(human("invalid tarball uploaded"));`
	`284`	`+ }`
`274`	`285`	`}`
`275`	`286`	`Ok(())`
`276`	`287`	`}`