Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 407310 Details for
Bug 487686
<dev-libs/libtar-1.2.20-r3: "tar_extract_glob()" and "tar_extract_all()" Directory Traversal Vulnerabilities (CVE-2013-4420)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
libtar-CVE-2013-4420.patch
libtar-CVE-2013-4420.patch (text/plain), 2.40 KB, created by
Nick Andrade
on 2015-07-21 04:08:55 UTC
(
hide
)
Description:
libtar-CVE-2013-4420.patch
Filename:
MIME Type:
Creator:
Nick Andrade
Created:
2015-07-21 04:08:55 UTC
Size:
2.40 KB
patch
obsolete
>--- a/libtar/lib/decode.c 2013-10-09 09:59:44.000000000 -0700 >+++ b/libtar/lib/decode.c 2015-07-20 20:57:58.331945962 -0700 >@@ -21,24 +21,55 @@ > # include <string.h> > #endif > >+char * >+safer_name_suffix (char const *file_name) >+{ >+ char const *p, *t; >+ p = t = file_name; >+ while (*p) >+ { >+ if (p[0] == '.' && p[0] == p[1] && p[2] == '/') >+ { >+ p += 3; >+ t = p; >+ } >+ /* advance pointer past the next slash */ >+ while (*p && (p++)[0] != '/'); >+ } >+ >+ if (!*t) >+ { >+ t = "."; >+ } >+ >+ if (t != file_name) >+ { >+ /* TODO: warn somehow that the path was modified */ >+ } >+ return (char*)t; >+} >+ > > /* determine full path name */ > char * > th_get_pathname(TAR *t) > { > static TLS_THREAD char filename[MAXPATHLEN]; >+ char *safer_name; > > if (t->th_buf.gnu_longname) >- return t->th_buf.gnu_longname; >+ return safer_name_suffix(t->th_buf.gnu_longname); >+ >+ safer_name = safer_name_suffix(t->th_buf.name); > > if (t->th_buf.prefix[0] != '\0') > { > snprintf(filename, sizeof(filename), "%.155s/%.100s", >- t->th_buf.prefix, t->th_buf.name); >+ t->th_buf.prefix, safer_name); > return filename; > } > >- snprintf(filename, sizeof(filename), "%.100s", t->th_buf.name); >+ snprintf(filename, sizeof(filename), "%.100s", safer_name); > return filename; > } > >--- a/libtar/lib/extract.c 2013-10-09 09:59:44.000000000 -0700 >+++ b/libtar/lib/extract.c 2015-07-20 21:00:16.560956122 -0700 >@@ -305,7 +305,7 @@ > linktgt = &lnp[strlen(lnp) + 1]; > } > else >- linktgt = th_get_linkname(t); >+ linktgt = safer_name_suffix(th_get_linkname(t)); > > #ifdef DEBUG > printf(" ==> extracting: %s (link to %s)\n", filename, linktgt); >@@ -343,9 +343,9 @@ > > #ifdef DEBUG > printf(" ==> extracting: %s (symlink to %s)\n", >- filename, th_get_linkname(t)); >+ filename, safer_name_suffix(th_get_linkname(t))); > #endif >- if (symlink(th_get_linkname(t), filename) == -1) >+ if (symlink(safer_name_suffix(th_get_linkname(t)), filename) == -1) > { > #ifdef DEBUG > perror("symlink()"); >--- a/libtar/lib/internal.h 2013-10-09 09:59:44.000000000 -0700 >+++ b/libtar/lib/internal.h 2015-07-20 21:00:51.258958673 -0700 >@@ -15,6 +15,7 @@ > > #include <libtar.h> > >+char* safer_name_suffix(char const*); > #ifdef TLS > #define TLS_THREAD TLS > #else
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=407310">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 487686
: 407310
