-
Notifications
You must be signed in to change notification settings - Fork 31
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Skip members whose names contain "..". Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6321 Upstream patch: http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f671 (From OE-Core rev: cfa2b5facd1aa6a2bac4cb04687e1a977c533934) Signed-off-by: Sona Sarmadi <[email protected]> Signed-off-by: Ross Burton <[email protected]> Signed-off-by: Richard Purdie <[email protected]>
- Loading branch information
1 parent
010b368
commit a38ab4d
Showing
2 changed files
with
67 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,66 @@ | ||
| From 7340f67b9860ea0531c1450e5aa261c50f67165d Mon Sep 17 00:00:00 2001 | ||
| From: Paul Eggert <[email protected]> | ||
| Date: Sat, 29 Oct 2016 21:04:40 -0700 | ||
| Subject: [PATCH] When extracting, skip ".." members | ||
|
|
||
| * NEWS: Document this. | ||
| * src/extract.c (extract_archive): Skip members whose names | ||
| contain "..". | ||
|
|
||
| CVE: CVE-2016-6321 | ||
| Upstream-Status: Backport | ||
|
|
||
| Cherry picked from commit: 7340f67 When extracting, skip ".." members | ||
|
|
||
| Signed-off-by: Sona Sarmadi <[email protected]> | ||
| --- | ||
| NEWS | 8 +++++++- | ||
| src/extract.c | 8 ++++++++ | ||
| 2 files changed, 15 insertions(+), 1 deletion(-) | ||
|
|
||
| diff --git a/NEWS b/NEWS | ||
| index 501164a..fc97cfc 100644 | ||
| --- a/NEWS | ||
| +++ b/NEWS | ||
| @@ -1,6 +1,12 @@ | ||
| -GNU tar NEWS - User visible changes. 2016-05-16 | ||
| +GNU tar NEWS - User visible changes. 2016-10-29 | ||
| Please send GNU tar bug reports to <[email protected]> | ||
|
|
||
| +* Member names containing '..' components are now skipped when extracting. | ||
| + | ||
| +This fixes tar's behavior to match its documentation, and is a bit | ||
| +safer when extracting untrusted archives over old files (an unsafe | ||
| +practice that the tar manual has long recommended against). | ||
| + | ||
|
|
||
| version 1.29 - Sergey Poznyakoff, 2016-05-16 | ||
|
|
||
| diff --git a/src/extract.c b/src/extract.c | ||
| index f982433..7904148 100644 | ||
| --- a/src/extract.c | ||
| +++ b/src/extract.c | ||
| @@ -1629,12 +1629,20 @@ extract_archive (void) | ||
| { | ||
| char typeflag; | ||
| tar_extractor_t fun; | ||
| + bool skip_dotdot_name; | ||
|
|
||
| fatal_exit_hook = extract_finish; | ||
|
|
||
| set_next_block_after (current_header); | ||
|
|
||
| + skip_dotdot_name = (!absolute_names_option | ||
| + && contains_dot_dot (current_stat_info.orig_file_name)); | ||
| + if (skip_dotdot_name) | ||
| + ERROR ((0, 0, _("%s: Member name contains '..'"), | ||
| + quotearg_colon (current_stat_info.orig_file_name))); | ||
| + | ||
| if (!current_stat_info.file_name[0] | ||
| + || skip_dotdot_name | ||
| || (interactive_option | ||
| && !confirm ("extract", current_stat_info.file_name))) | ||
| { | ||
| -- | ||
| 1.9.1 | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters