halostatue / minitar

Minimal pure-ruby support for POSIX tar(1) archives.

Fix an off-by-1 error in split_name #13

Closed fetep closed 7 years ago

fetep commented 9 years ago

In the case of a 101-character name starting with '/', the leading '/' would get stripped in split_name (e.g. adding /#{'a'*100} just ended up in the archive as #{'a'*100}).

coveralls commented 9 years ago

Coverage remained the same at 79.46% when pulling 6a9891a4b847f89f5c5ce8e465f27d09d244af7b on fetep:101charfix into bfc5bfae3aa6582c64141f659a760824e4131884 on halostatue:master.

halostatue commented 7 years ago

This may be a tough call, because leading slashes ('/foo') lead to possible security errors on extraction. I need to look a bit deeper.
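
Added example, not part of the thread and not minitar's code: a sketch of the ustar name/prefix split that checks each candidate split against how a reader rejoins the two fields, which is where the 101-character case described above loses its leading '/'. The helper names (`ustar_split`, `ustar_join`, `absolute_member?`) are hypothetical, the sample paths are constructed, and the field widths (100-byte name, 155-byte prefix) are the POSIX ustar ones.

```ruby
# Added illustration, not minitar's split_name. Field widths come from the
# POSIX ustar header: name is 100 bytes, prefix is 155 bytes.
NAME_MAX = 100
PREFIX_MAX = 155

# A reader rebuilds the path as prefix + "/" + name, or as name alone when
# the prefix field is empty.
def ustar_join(name, prefix)
  prefix.empty? ? name : "#{prefix}/#{name}"
end

# Hypothetical helper: split a path into [name, prefix] and refuse any split
# that would not read back as the same path.
def ustar_split(path)
  return [path, ""] if path.bytesize <= NAME_MAX

  slashes = (0...path.length).select { |i| path[i] == "/" }
  slashes.reverse_each do |i|
    prefix = path[0...i]
    name = path[(i + 1)..-1]
    # i == 0 gives an empty prefix: the reader would return name alone and
    # the leading "/" would be lost without any error.
    next if prefix.empty? || prefix.bytesize > PREFIX_MAX
    next if name.empty? || name.bytesize > NAME_MAX
    return [name, prefix]
  end
  raise ArgumentError, "no lossless ustar split for a #{path.bytesize}-byte path"
end

# Extraction-side check for the concern raised in the thread: flag members
# whose stored path is absolute so the caller can reject or relocate them.
def absolute_member?(path)
  path.start_with?("/")
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample paths.
  ["/" + "a" * 100, "/" + "a" * 50 + "/" + "b" * 60].each do |p|
    begin
      name, prefix = ustar_split(p)
      puts "ok: prefix=#{prefix.bytesize}B name=#{name.bytesize}B absolute=#{absolute_member?(ustar_join(name, prefix))}"
    rescue ArgumentError => e
      puts "rejected: #{e.message}"
    end
  end
end
```

Whether a writer should raise here or strip the slash deliberately is a policy choice; the sketch only makes the loss explicit instead of silent.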