[diffoscope] 03/03: comparators.squashfs: Extract archive in one go rather than per-file, speeding up ISO comparison by ~10x

Chris Lamb lamby at debian.org
Mon Mar 20 16:31:13 CET 2017


Hi Ximin,

> > commit 52b70b269e4faa31dba92799f57cc135dcb60832
> > Author: Chris Lamb <lamby at debian.org>
> > 
> >     comparators.squashfs: Extract archive in one go rather
> >     than per-file, speeding up ISO comparison by ~10x
>
> Hi Chris, do you know if it is possible for squashfs images to
> contain tricky paths like /evil/path or ../../../../evil/path

I've never *seen* such a thing but if this were the case we would be
vulnerable regardless of whether we extracted per file or per archive;
the exploit — if it exists — would be in unsquashfs.

Hope that helps.


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby at debian.org / chris-lamb.co.uk
       `-


More information about the diffoscope mailing list