Directory traversal check only works on GNU libc

Closes #99
twogood · Feb 11, 2020 · 3f2e0a2 · 3f2e0a2
1 parent 581870d
commit 3f2e0a2
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/src/unshield.c b/src/unshield.c
@@ -511,6 +511,7 @@ static bool extract_file(Unshield* unshield, const char* prefix, int index)
   }
 #endif
 
+#ifdef __GLIBC__
   /* use GNU extension to return non-existing files to real_output_directory */
   realpath(output_directory, real_output_directory);
   realpath(filename, real_filename);
@@ -519,11 +520,13 @@ static bool extract_file(Unshield* unshield, const char* prefix, int index)
                                        strlen(real_output_directory)) != 0)
   {
     fprintf(stderr, "\n\nExtraction failed.\n");
+    fprintf(stderr, "Error: %s (%d).\n", strerror(errno), errno);
     fprintf(stderr, "Possible directory traversal attack for: %s\n", filename);
     fprintf(stderr, "To be placed at: %s\n\n", real_filename);
     success = false;
     goto exit;
   }
+#endif
 
   printf("  extracting: %s\n", filename);
   switch (format)