[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-tar] leading / included in incremental snapshot rename code
From: |
Nicholas Cole |
Subject: |
Re: [Bug-tar] leading / included in incremental snapshot rename code |
Date: |
Mon, 1 Oct 2007 18:47:26 -0400 |
User-agent: |
Mutt/1.4.2.2i |
Both patches work
Thanks
Nick
On Tue, Oct 02, 2007 at 12:56:59AM +0300, Sergey Poznyakoff wrote:
> Nicholas Cole <address@hidden> ha escrit:
>
> > This patch causes tar to strip leading / from rename codes during
> > creation. Can you also patch tar to strip leading / from rename
> > codes during extraction? This would prevent odd behaivor when
> > extracting an archive created with an unpatched version of tar and
> > prevent malicious use of rename codes
>
> Yes, this is reasonable. Here is a patch.
>
> Regards,
> Sergey
>
> Index: src/incremen.c
> ===================================================================
> RCS file: /cvsroot/tar/tar/src/incremen.c,v
> retrieving revision 1.58
> diff -p -u -r1.58 incremen.c
> --- src/incremen.c 29 Sep 2007 00:47:59 -0000 1.58
> +++ src/incremen.c 1 Oct 2007 21:54:17 -0000
> @@ -1410,6 +1410,19 @@ try_purge_directory (char const *directo
> arc += strlen (arc) + 1;
> dst = arc + 1;
>
> + /* Ensure that neither source nor destination are absolute file
> + names (unless permitted by -P option), and that they do not
> + contain dubious parts (e.g. ../).
> +
> + This is an extra safety precaution. Besides, it might be
> + necessary to extract from archives created with tar versions
> + prior to 1.19. */
> +
> + if (*src)
> + src = safer_name_suffix (src, false, absolute_names_option);
> + if (*dst)
> + dst = safer_name_suffix (dst, false, absolute_names_option);
> +
> if (*src == 0)
> src = temp_stub;
> else if (*dst == 0)
>
>
--
Nicholas Cole
address@hidden