[Bug-tar] prefix field cann't trusted as part of path

bug-tar

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug-tar] prefix field cann't trusted as part of path

From:	Thomas Graf
Subject:	[Bug-tar] prefix field cann't trusted as part of path
Date:	Sun, 15 May 2011 11:39:13 +0200
User-agent:	Mozilla/5.0 (X11; U; Linux x86_64; de; rv:1.9.2.14) Gecko/20110221 SUSE/3.1.8 Thunderbird/3.1.8

Hello!

Ustar-format: Under the condition the name field is blank und prefixfield is used, you should check the filetype flag or name field. Withother words spoken: you should not trust, that the given filename inprefix can be used as a part of path. So take care when appending aslash. The follwoing script shows it:


#!/bin/sh
# look at the output of tar command
touch a.txt
tar -Hustar -cf a.tar a.txt
cp a.tar b.tar
# copy name field to prefix field

dd if=a.tar bs=100 count=1 2>&- | dd of=b.tar conv=notrunc seek=345 bs=12>&-

# wipe out name field
dd if=/dev/zero of=b.tar bs=100 count=1 conv=notrunc 2>&-
tar -tvvf a.tar
tar -tvvf b.tar

Suggestion to fix it: see attachment: basically it's one line.

I give you the permission to add the patch and the above shell code tothe gnu tar project.



Cheers
Thoams

tar-1.26-p1-prefix-without-slash.patch.gz
Description: application/gunzip

[Prev in Thread]

Current Thread

[Next in Thread]

[Bug-tar] prefix field cann't trusted as part of path, Thomas Graf <=
- Re: [Bug-tar] prefix field cann't trusted as part of path, Paul Eggert, 2011/05/15

Prev by Date: Re: [Bug-tar] [PATCH] tar: Ignore certain file status changes on create
Next by Date: Re: [Bug-tar] prefix field cann't trusted as part of path
Previous by thread: [Bug-tar] [PATCH] tar: Ignore certain file status changes on create
Next by thread: Re: [Bug-tar] prefix field cann't trusted as part of path
Index(es):
- Date
- Thread