Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 128748 Details for
Bug 189682
app-arch/tar < 1.18-r2 Directory traversal vulnerability (CVE-2007-4131)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
tar-1.15.1-alt-contains_dot_dot.diff
tar-1.15.1-alt-contains_dot_dot.diff (text/plain), 531 bytes, created by
Robert Buchholz (RETIRED)
on 2007-08-21 09:38:06 UTC
(
hide
)
Description:
tar-1.15.1-alt-contains_dot_dot.diff
Filename:
MIME Type:
Creator:
Robert Buchholz (RETIRED)
Created:
2007-08-21 09:38:06 UTC
Size:
531 bytes
patch
obsolete
>2005-05-15 Dmitry V. Levin <ldv@altlinux.org> > > * src/names.c (contains_dot_dot): Fix ".." detection. > Previous edition fails to recognize "foo//.." case. > >--- tar-1.15.1/src/names.c.orig 2004-09-06 11:30:54 +0000 >+++ tar-1.15.1/src/names.c 2005-05-15 13:21:13 +0000 >@@ -1152,11 +1152,10 @@ contains_dot_dot (char const *name) > if (p[0] == '.' && p[1] == '.' && (ISSLASH (p[2]) || !p[2])) > return 1; > >- do >+ while (! ISSLASH (*p)) > { > if (! *p++) > return 0; > } >- while (! ISSLASH (*p)); > } > }
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=128748">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 189682
: 128748
