brl/citadel
1
0
Fork 2
Code Issues Pull Requests 3 Packages Projects Releases Wiki Activity
citadel/poky/meta/recipes-extended/tar/tar/CVE-2016-6321.patch

67 lines
1.9 KiB
Diff
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

From 7340f67b9860ea0531c1450e5aa261c50f67165d Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@Penguin.CS.UCLA.EDU>
Date: Sat, 29 Oct 2016 21:04:40 -0700
Subject: [PATCH] When extracting, skip ".." members
* NEWS: Document this.
* src/extract.c (extract_archive): Skip members whose names
contain "..".
CVE: CVE-2016-6321
Upstream-Status: Backport
Cherry picked from commit: 7340f67 When extracting, skip ".." members
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
---
NEWS | 8 +++++++-
src/extract.c | 8 ++++++++
2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/NEWS b/NEWS
index 501164a..fc97cfc 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,12 @@
-GNU tar NEWS - User visible changes. 2016-05-16
+GNU tar NEWS - User visible changes. 2016-10-29
Please send GNU tar bug reports to <bug-tar@gnu.org>
+* Member names containing '..' components are now skipped when extracting.
+
+This fixes tar's behavior to match its documentation, and is a bit
+safer when extracting untrusted archives over old files (an unsafe
+practice that the tar manual has long recommended against).
+
version 1.29 - Sergey Poznyakoff, 2016-05-16
diff --git a/src/extract.c b/src/extract.c
index f982433..7904148 100644
--- a/src/extract.c
+++ b/src/extract.c
@@ -1629,12 +1629,20 @@ extract_archive (void)
{
char typeflag;
tar_extractor_t fun;
+ bool skip_dotdot_name;
fatal_exit_hook = extract_finish;
set_next_block_after (current_header);
+ skip_dotdot_name = (!absolute_names_option
+ && contains_dot_dot (current_stat_info.orig_file_name));
+ if (skip_dotdot_name)
+ ERROR ((0, 0, _("%s: Member name contains '..'"),
+ quotearg_colon (current_stat_info.orig_file_name)));
+
if (!current_stat_info.file_name[0]
+ || skip_dotdot_name
|| (interactive_option
&& !confirm ("extract", current_stat_info.file_name)))
{
--
1.9.1
Reference in New Issue View Git Blame Copy Permalink