Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 56955 Details for
Bug 89946
app-arch/gzip: several issues (CAN-2005-0988, CAN-2005-1228)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
gzip-1.3.5-dir-trav.patch
gzip-1.3.5-dir-trav.patch (text/plain), 693 bytes, created by
SpanKY
on 2005-04-22 16:22:32 UTC
(
hide
)
Description:
gzip-1.3.5-dir-trav.patch
Filename:
MIME Type:
Creator:
SpanKY
Created:
2005-04-22 16:22:32 UTC
Size:
693 bytes
patch
obsolete
>Fix a bug reported by Ulf Harnhammar: >gzip: dir traversal bug when using "gunzip -N" > >http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=305255 >http://bugs.gentoo.org/show_bug.cgi?id=89946 > >Patch by Mike Frysinger > >--- gzip.c >+++ gzip.c >@@ -1319,6 +1319,19 @@ > char *base = p; > for (;;) { > *p = (char)get_char(); >+ >+ /* Don't allow embedded names to contain paths. */ >+ if (*p == PATH_SEP >+#ifdef PATH_SEP2 >+ || *p == PATH_SEP2 >+#endif >+#ifdef PATH_SEP3 >+ || *p == PATH_SEP3 >+#endif >+ ) { >+ p = base; >+ continue; >+ } > if (*p++ == '\0') break; > if (p >= ofname+sizeof(ofname)) { > error("corrupted input -- file name too large");
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=56955">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 89946
: 56955 |
57510
