libtar: fix CVE-2013-4420
also fix the homepage&license in the process
This commit is contained in:
parent
2285e6ba15
commit
f2c232f10f
|
@ -0,0 +1,113 @@
|
||||||
|
Author: Raphael Geissert <geissert@debian.org>
|
||||||
|
Bug-Debian: https://bugs.debian.org/731860
|
||||||
|
Description: Avoid directory traversal when extracting archives
|
||||||
|
by skipping over leading slashes and any prefix containing ".." components.
|
||||||
|
Forwarded: yes
|
||||||
|
|
||||||
|
--- a/lib/decode.c
|
||||||
|
+++ b/lib/decode.c
|
||||||
|
@@ -22,13 +22,42 @@
|
||||||
|
# include <string.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
|
+char *
|
||||||
|
+safer_name_suffix (char const *file_name)
|
||||||
|
+{
|
||||||
|
+ char const *p, *t;
|
||||||
|
+ p = t = file_name;
|
||||||
|
+ while (*p == '/') t = ++p;
|
||||||
|
+ while (*p)
|
||||||
|
+ {
|
||||||
|
+ while (p[0] == '.' && p[0] == p[1] && p[2] == '/')
|
||||||
|
+ {
|
||||||
|
+ p += 3;
|
||||||
|
+ t = p;
|
||||||
|
+ }
|
||||||
|
+ /* advance pointer past the next slash */
|
||||||
|
+ while (*p && (p++)[0] != '/');
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (!*t)
|
||||||
|
+ {
|
||||||
|
+ t = ".";
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (t != file_name)
|
||||||
|
+ {
|
||||||
|
+ /* TODO: warn somehow that the path was modified */
|
||||||
|
+ }
|
||||||
|
+ return (char*)t;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
|
||||||
|
/* determine full path name */
|
||||||
|
char *
|
||||||
|
th_get_pathname(TAR *t)
|
||||||
|
{
|
||||||
|
if (t->th_buf.gnu_longname)
|
||||||
|
- return t->th_buf.gnu_longname;
|
||||||
|
+ return safer_name_suffix(t->th_buf.gnu_longname);
|
||||||
|
|
||||||
|
/* allocate the th_pathname buffer if not already */
|
||||||
|
if (t->th_pathname == NULL)
|
||||||
|
@@ -51,7 +80,7 @@ th_get_pathname(TAR *t)
|
||||||
|
}
|
||||||
|
|
||||||
|
/* will be deallocated in tar_close() */
|
||||||
|
- return t->th_pathname;
|
||||||
|
+ return safer_name_suffix(t->th_pathname);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
--- a/lib/extract.c
|
||||||
|
+++ b/lib/extract.c
|
||||||
|
@@ -298,14 +298,14 @@ tar_extract_hardlink(TAR * t, char *real
|
||||||
|
if (mkdirhier(dirname(filename)) == -1)
|
||||||
|
return -1;
|
||||||
|
libtar_hashptr_reset(&hp);
|
||||||
|
- if (libtar_hash_getkey(t->h, &hp, th_get_linkname(t),
|
||||||
|
+ if (libtar_hash_getkey(t->h, &hp, safer_name_suffix(th_get_linkname(t)),
|
||||||
|
(libtar_matchfunc_t)libtar_str_match) != 0)
|
||||||
|
{
|
||||||
|
lnp = (char *)libtar_hashptr_data(&hp);
|
||||||
|
linktgt = &lnp[strlen(lnp) + 1];
|
||||||
|
}
|
||||||
|
else
|
||||||
|
- linktgt = th_get_linkname(t);
|
||||||
|
+ linktgt = safer_name_suffix(th_get_linkname(t));
|
||||||
|
|
||||||
|
#ifdef DEBUG
|
||||||
|
printf(" ==> extracting: %s (link to %s)\n", filename, linktgt);
|
||||||
|
@@ -343,9 +343,9 @@ tar_extract_symlink(TAR *t, char *realna
|
||||||
|
|
||||||
|
#ifdef DEBUG
|
||||||
|
printf(" ==> extracting: %s (symlink to %s)\n",
|
||||||
|
- filename, th_get_linkname(t));
|
||||||
|
+ filename, safer_name_suffix(th_get_linkname(t)));
|
||||||
|
#endif
|
||||||
|
- if (symlink(th_get_linkname(t), filename) == -1)
|
||||||
|
+ if (symlink(safer_name_suffix(th_get_linkname(t)), filename) == -1)
|
||||||
|
{
|
||||||
|
#ifdef DEBUG
|
||||||
|
perror("symlink()");
|
||||||
|
--- a/lib/internal.h
|
||||||
|
+++ b/lib/internal.h
|
||||||
|
@@ -21,3 +21,4 @@
|
||||||
|
#define TLS_THREAD
|
||||||
|
#endif
|
||||||
|
|
||||||
|
+char* safer_name_suffix(char const*);
|
||||||
|
--- a/lib/output.c
|
||||||
|
+++ b/lib/output.c
|
||||||
|
@@ -123,9 +123,9 @@ th_print_long_ls(TAR *t)
|
||||||
|
else
|
||||||
|
printf(" link to ");
|
||||||
|
if ((t->options & TAR_GNU) && t->th_buf.gnu_longlink != NULL)
|
||||||
|
- printf("%s", t->th_buf.gnu_longlink);
|
||||||
|
+ printf("%s", safer_name_suffix(t->th_buf.gnu_longlink));
|
||||||
|
else
|
||||||
|
- printf("%.100s", t->th_buf.linkname);
|
||||||
|
+ printf("%.100s", safer_name_suffix(t->th_buf.linkname));
|
||||||
|
}
|
||||||
|
|
||||||
|
putchar('\n');
|
|
@ -1,16 +1,17 @@
|
||||||
# Template file for 'libtar'
|
# Template file for 'libtar'
|
||||||
pkgname=libtar
|
pkgname=libtar
|
||||||
version=1.2.20
|
version=1.2.20
|
||||||
revision=2
|
revision=3
|
||||||
wrksrc="$pkgname"
|
wrksrc="$pkgname"
|
||||||
|
patch_args="-Np1"
|
||||||
build_style=gnu-configure
|
build_style=gnu-configure
|
||||||
hostmakedepends="automake libtool pkg-config"
|
hostmakedepends="automake libtool pkg-config"
|
||||||
makedepends="zlib-devel"
|
makedepends="zlib-devel"
|
||||||
short_desc="C library for manipulating POSIX tar files"
|
short_desc="C library for manipulating POSIX tar files"
|
||||||
maintainer="Juan RP <xtraeme@voidlinux.eu>"
|
maintainer="Juan RP <xtraeme@voidlinux.eu>"
|
||||||
license="BSD"
|
license="BSD-3-Clause"
|
||||||
homepage="http://www.feep.net/libtar/"
|
homepage="https://repo.or.cz/w/libtar.git"
|
||||||
distfiles="ftp://ftp.netbsd.org/pub/pkgsrc/distfiles/libtar-${version}.tar.gz"
|
distfiles="https://ftp.netbsd.org/pub/pkgsrc/distfiles/libtar-${version}.tar.gz"
|
||||||
checksum=43c5f50e6b4398c8be35d6f3abee26064c3f26174715b60004576792e3283353
|
checksum=43c5f50e6b4398c8be35d6f3abee26064c3f26174715b60004576792e3283353
|
||||||
|
|
||||||
post_install() {
|
post_install() {
|
||||||
|
|
Loading…
Reference in New Issue