|
357 | 357 | <para>If <paramref name="destinationDirectoryName" /> or any of its parent directories is a pre-existing junction or symbolic link, the link is followed and the extraction writes to the final target folder.</para> |
358 | 358 | <para>Files of type <see cref="F:System.Formats.Tar.TarEntryType.BlockDevice" />, <see cref="F:System.Formats.Tar.TarEntryType.CharacterDevice" />, or <see cref="F:System.Formats.Tar.TarEntryType.Fifo" /> can only be extracted in Unix platforms.</para> |
359 | 359 | <para>Elevation is required to extract a <see cref="F:System.Formats.Tar.TarEntryType.BlockDevice" /> or <see cref="F:System.Formats.Tar.TarEntryType.CharacterDevice" /> to disk.</para> |
| 360 | + <para>This method doesn't limit the total extracted size or the number of entries extracted from the archive. When processing archives from untrusted sources, iterate over the entries manually using <see cref="T:System.Formats.Tar.TarReader" />, and validate that the size and the number of entries are within acceptable limits for your scenario.</para> |
360 | 361 | </remarks> |
361 | 362 | <exception cref="T:System.ArgumentNullException"> |
362 | 363 | <paramref name="source" /> or <paramref name="destinationDirectoryName" /> is <see langword="null" />.</exception> |
@@ -411,6 +412,7 @@ Extracting one of the tar entries would have resulted in a file outside the spec |
411 | 412 | <para>If <paramref name="destinationDirectoryName" /> or any of its parent directories is a pre-existing junction or symbolic link, the link is followed and the extraction writes to the final target folder.</para> |
412 | 413 | <para>Files of type <see cref="F:System.Formats.Tar.TarEntryType.BlockDevice" />, <see cref="F:System.Formats.Tar.TarEntryType.CharacterDevice" />, or <see cref="F:System.Formats.Tar.TarEntryType.Fifo" /> can only be extracted in Unix platforms.</para> |
413 | 414 | <para>Elevation is required to extract a <see cref="F:System.Formats.Tar.TarEntryType.BlockDevice" /> or <see cref="F:System.Formats.Tar.TarEntryType.CharacterDevice" /> to disk.</para> |
| 415 | + <para>This method doesn't limit the total extracted size or the number of entries extracted from the archive. When processing archives from untrusted sources, iterate over the entries manually using <see cref="T:System.Formats.Tar.TarReader" />, and validate that the size and the number of entries are within acceptable limits for your scenario.</para> |
414 | 416 | </remarks> |
415 | 417 | <exception cref="T:System.ArgumentNullException"> |
416 | 418 | <paramref name="sourceFileName" /> or <paramref name="destinationDirectoryName" /> is <see langword="null" />.</exception> |
@@ -464,6 +466,7 @@ Extracting one of the tar entries would have resulted in a file outside the spec |
464 | 466 | <para>If <paramref name="destinationDirectoryName" /> or any of its parent directories is a pre-existing junction or symbolic link, the link is followed and the extraction writes to the final target folder.</para> |
465 | 467 | <para>Files of type <see cref="F:System.Formats.Tar.TarEntryType.BlockDevice" />, <see cref="F:System.Formats.Tar.TarEntryType.CharacterDevice" />, or <see cref="F:System.Formats.Tar.TarEntryType.Fifo" /> can only be extracted in Unix platforms.</para> |
466 | 468 | <para>Elevation is required to extract a <see cref="F:System.Formats.Tar.TarEntryType.BlockDevice" /> or <see cref="F:System.Formats.Tar.TarEntryType.CharacterDevice" /> to disk.</para> |
| 469 | + <para>This method doesn't limit the total extracted size or the number of entries extracted from the archive. When processing archives from untrusted sources, iterate over the entries manually using <see cref="T:System.Formats.Tar.TarReader" />, and validate that the size and the number of entries are within acceptable limits for your scenario.</para> |
467 | 470 | <para>This method stores in the task it returns all non-usage exceptions that the method's synchronous counterpart can throw. If an exception is stored into the returned task, that exception will be thrown when the task is awaited. Usage exceptions, such as <see cref="T:System.ArgumentException" />, are still thrown synchronously. For the stored exceptions, see the exceptions thrown by <see cref="M:System.Formats.Tar.TarFile.ExtractToDirectory(System.IO.Stream,System.String,System.Boolean)" />.</para> |
468 | 471 | </remarks> |
469 | 472 | <exception cref="T:System.ArgumentNullException"> |
@@ -522,6 +525,7 @@ Extracting one of the tar entries would have resulted in a file outside the spec |
522 | 525 | <para>If <paramref name="destinationDirectoryName" /> or any of its parent directories is a pre-existing junction or symbolic link, the link is followed and the extraction writes to the final target folder.</para> |
523 | 526 | <para>Files of type <see cref="F:System.Formats.Tar.TarEntryType.BlockDevice" />, <see cref="F:System.Formats.Tar.TarEntryType.CharacterDevice" />, or <see cref="F:System.Formats.Tar.TarEntryType.Fifo" /> can only be extracted in Unix platforms.</para> |
524 | 527 | <para>Elevation is required to extract a <see cref="F:System.Formats.Tar.TarEntryType.BlockDevice" /> or <see cref="F:System.Formats.Tar.TarEntryType.CharacterDevice" /> to disk.</para> |
| 528 | + <para>This method doesn't limit the total extracted size or the number of entries extracted from the archive. When processing archives from untrusted sources, iterate over the entries manually using <see cref="T:System.Formats.Tar.TarReader" />, and validate that the size and the number of entries are within acceptable limits for your scenario.</para> |
525 | 529 | <para>This method stores in the task it returns all non-usage exceptions that the method's synchronous counterpart can throw. If an exception is stored into the returned task, that exception will be thrown when the task is awaited. Usage exceptions, such as <see cref="T:System.ArgumentException" />, are still thrown synchronously. For the stored exceptions, see the exceptions thrown by <see cref="M:System.Formats.Tar.TarFile.ExtractToDirectory(System.String,System.String,System.Boolean)" />.</para> |
526 | 530 | </remarks> |
527 | 531 | <exception cref="T:System.ArgumentNullException"> |
|
0 commit comments