[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Bug binutils/17552] strip/objcopy: directory traversal
|
From: |
cvs-commit at gcc dot gnu.org |
|
Subject: |
[Bug binutils/17552] strip/objcopy: directory traversal |
|
Date: |
Thu, 06 Nov 2014 14:50:43 +0000 |
https://sourceware.org/bugzilla/show_bug.cgi?id=17552
--- Comment #4 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot
gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "gdb and binutils".
The branch, master has been updated
via dd9b91de2149ee81d47f708e7b0bbf57da10ad42 (commit)
from 834107255bbefceb445fa733ebc1ea5d9f41ec7f (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dd9b91de2149ee81d47f708e7b0bbf57da10ad42
commit dd9b91de2149ee81d47f708e7b0bbf57da10ad42
Author: Nick Clifton <address@hidden>
Date: Thu Nov 6 14:49:10 2014 +0000
Prevent archive memebers with illegal pathnames from being extracted from
an archive.
PR binutils/17552, binutils/17533
* bucomm.c (is_valid_archive_path): New function. Returns false
for absolute pathnames and pathnames that include /../.
* bucomm.h (is_valid_archive_path): Add prototype.
* ar.c (extract_file): Use new function to check for valid
pathnames when extracting files from an archive.
* objcopy.c (copy_archive): Likewise.
* doc/binutils.texi: Update documentation to mention the
limitation on pathname of archive members.
-----------------------------------------------------------------------
Summary of changes:
binutils/ChangeLog | 16 ++++++++++++++--
binutils/ar.c | 9 +++++++++
binutils/bucomm.c | 26 ++++++++++++++++++++++++++
binutils/bucomm.h | 12 ++++++++----
binutils/doc/binutils.texi | 3 ++-
binutils/objcopy.c | 6 ++++++
6 files changed, 65 insertions(+), 7 deletions(-)
--
You are receiving this mail because:
You are on the CC list for the bug.
- [Bug binutils/17552] New: strip/objcopy: directory traversal, cherepan at mccme dot ru, 2014/11/04
- [Bug binutils/17552] strip/objcopy: directory traversal, nickc at redhat dot com, 2014/11/05
- [Bug binutils/17552] strip/objcopy: directory traversal, nickc at redhat dot com, 2014/11/05
- [Bug binutils/17552] strip/objcopy: directory traversal, cherepan at mccme dot ru, 2014/11/05
- [Bug binutils/17552] strip/objcopy: directory traversal,
cvs-commit at gcc dot gnu.org <=
- [Bug binutils/17552] strip/objcopy: directory traversal, nickc at redhat dot com, 2014/11/06
- [Bug binutils/17552] strip/objcopy: directory traversal, nickc at redhat dot com, 2014/11/06
- [Bug binutils/17552] strip/objcopy: directory traversal, cherepan at mccme dot ru, 2014/11/06
- [Bug binutils/17552] strip/objcopy: directory traversal, nickc at redhat dot com, 2014/11/07
- [Bug binutils/17552] strip/objcopy: directory traversal, cherepan at mccme dot ru, 2014/11/07
- [Bug binutils/17552] strip/objcopy: directory traversal, nickc at redhat dot com, 2014/11/07
- [Bug binutils/17552] strip/objcopy: directory traversal, cherepan at mccme dot ru, 2014/11/09
- [Bug binutils/17552] strip/objcopy: directory traversal, cvs-commit at gcc dot gnu.org, 2014/11/10
- [Bug binutils/17552] strip/objcopy: directory traversal, cvs-commit at gcc dot gnu.org, 2014/11/17