|
Name |
|
Date |
Size |
#Lines |
LOC |
| .. | | 30-Mar-2016 | - |
| README | H A D | 30-Mar-2016 | 2.2 KiB | 45 | 32 |
README
1
2Archives for regression testing.
3
4abspath.lzh - Archive containing a file with an absolute path. For
5 security reasons, file extraction should always be done
6 relative to the extraction path. If extraction to
7 absolute paths was permitted, it would potentially allow
8 arbitrary files on the filesystem to be overwritten.
9
10badterm.lzh - Archive containing a file that includes an unsafe
11 terminal escape sequence (changes the title in the
12 terminal window). This terminal escape sequence should
13 not appear in list output.
14
15dir.lzh - Archive that just contains a directory.
16
17multiple.lzh - Archive containing multiple stored files with different
18 names, for testing wildcard pattern matching.
19
20truncated.lzh - Unexpectedly truncated -lh5- archive.
21
22unixsep.lzh - Archive containing a level 0 header where the filename
23 has a path separated with Unix-style path separators
24 ('/') instead of DOS-style ('\'). This file is manually
25 constructed, but archives like this do exist in the wild.
26
27symlink1.lzh - Symbolic link test. The archive contains a file named
28 foo.txt twice - firstly as a symbolic link to bar.txt,
29 and then as an actual file. Extraction should not
30 create bar.txt, or arbitrary files could be overwritten
31 by a maliciously constructed archive file.
32
33symlink2.lzh - This archive contains a symbolic link with '..' in the
34 target, and a file that tries to use that symlink to
35 overwrite files outside the extract directory.
36
37symlink3.lzh - This archive contains a symbolic link with an absolute
38 path, and a file that tries to use the symlink to
39 overwrite files outside the extract directory.
40
41dotdot.lzh - Archive containing paths with '..'. This could be used
42 to break out of the extract directory and overwrite
43 arbitrary files on the filesystem.
44
45