saltstack/salt
1
0
Fork 0
mirror of https://github.com/saltstack/salt.git synced 2025-04-17 10:10:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge pull request #48002 from rallytime/bp-47923

Browse source 
Back-port #47923 to 2018.3
This commit is contained in:
Nicole Thomas 2018-06-07 11:25:38 -04:00 committed by GitHub
commit 5c11fcde60
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
salt/modules/state.py
View file

@ -1991,9 +1991,9 @@ def pkg(pkg_path,
# Verify that the tarball does not extract outside of the intended root
members = s_pkg.getmembers()
for member in members:
if member.path.startswith((os.sep, '..{0}'.format(os.sep))):
if salt.utils.stringutils.to_unicode(member.path).startswith((os.sep, '..{0}'.format(os.sep))):
return {}
elif '..{0}'.format(os.sep) in member.path:
elif '..{0}'.format(os.sep) in salt.utils.stringutils.to_unicode(member.path):
return {}
s_pkg.extractall(root)
s_pkg.close()