Diffstat (limited to 'meta-oem-extra-libs/recipes-core/libtar/files/CVE-2013-4420.patch')
-rw-r--r--meta-oem-extra-libs/recipes-core/libtar/files/CVE-2013-4420.patch113
1 files changed, 0 insertions, 113 deletions
diff --git a/meta-oem-extra-libs/recipes-core/libtar/files/CVE-2013-4420.patch b/meta-oem-extra-libs/recipes-core/libtar/files/CVE-2013-4420.patch
deleted file mode 100644
index 477d130f..00000000
--- a/meta-oem-extra-libs/recipes-core/libtar/files/CVE-2013-4420.patch
+++ /dev/null
@@ -1,113 +0,0 @@
-Author: Raphael Geissert <geissert@debian.org>
-Bug-Debian: https://bugs.debian.org/731860
-Description: Avoid directory traversal when extracting archives
- by skipping over leading slashes and any prefix containing ".." components.
-Forwarded: yes
-
---- a/lib/decode.c
-+++ b/lib/decode.c
-@@ -22,13 +22,42 @@
- # include <string.h>
- #endif
-
-+char *
-+safer_name_suffix (char const *file_name)
-+{
-+ char const *p, *t;
-+ p = t = file_name;
-+ while (*p == '/') t = ++p;
-+ while (*p)
-+ {
-+ while (p[0] == '.' && p[0] == p[1] && p[2] == '/')
-+ {
-+ p += 3;
-+ t = p;
-+ }
-+ /* advance pointer past the next slash */
-+ while (*p && (p++)[0] != '/');
-+ }
-+
-+ if (!*t)
-+ {
-+ t = ".";
-+ }
-+
-+ if (t != file_name)
-+ {
-+ /* TODO: warn somehow that the path was modified */
-+ }
-+ return (char*)t;
-+}
-+
-
- /* determine full path name */
- char *
- th_get_pathname(TAR *t)
- {
- if (t->th_buf.gnu_longname)
-- return t->th_buf.gnu_longname;
-+ return safer_name_suffix(t->th_buf.gnu_longname);
-
- /* allocate the th_pathname buffer if not already */
- if (t->th_pathname == NULL)
-@@ -51,7 +80,7 @@ th_get_pathname(TAR *t)
- }
-
- /* will be deallocated in tar_close() */
-- return t->th_pathname;
-+ return safer_name_suffix(t->th_pathname);
- }
-
-
---- a/lib/extract.c
-+++ b/lib/extract.c
-@@ -298,14 +298,14 @@ tar_extract_hardlink(TAR * t, char *real
- if (mkdirhier(dirname(filename)) == -1)
- return -1;
- libtar_hashptr_reset(&hp);
-- if (libtar_hash_getkey(t->h, &hp, th_get_linkname(t),
-+ if (libtar_hash_getkey(t->h, &hp, safer_name_suffix(th_get_linkname(t)),
- (libtar_matchfunc_t)libtar_str_match) != 0)
- {
- lnp = (char *)libtar_hashptr_data(&hp);
- linktgt = &lnp[strlen(lnp) + 1];
- }
- else
-- linktgt = th_get_linkname(t);
-+ linktgt = safer_name_suffix(th_get_linkname(t));
-
- #ifdef DEBUG
- printf(" ==> extracting: %s (link to %s)\n", filename, linktgt);
-@@ -343,9 +343,9 @@ tar_extract_symlink(TAR *t, char *realna
-
- #ifdef DEBUG
- printf(" ==> extracting: %s (symlink to %s)\n",
-- filename, th_get_linkname(t));
-+ filename, safer_name_suffix(th_get_linkname(t)));
- #endif
-- if (symlink(th_get_linkname(t), filename) == -1)
-+ if (symlink(safer_name_suffix(th_get_linkname(t)), filename) == -1)
- {
- #ifdef DEBUG
- perror("symlink()");
---- a/lib/internal.h
-+++ b/lib/internal.h
-@@ -21,3 +21,4 @@
- #define TLS_THREAD
- #endif
-
-+char* safer_name_suffix(char const*);
---- a/lib/output.c
-+++ b/lib/output.c
-@@ -123,9 +123,9 @@ th_print_long_ls(TAR *t)
- else
- printf(" link to ");
- if ((t->options & TAR_GNU) && t->th_buf.gnu_longlink != NULL)
-- printf("%s", t->th_buf.gnu_longlink);
-+ printf("%s", safer_name_suffix(t->th_buf.gnu_longlink));
- else
-- printf("%.100s", t->th_buf.linkname);
-+ printf("%.100s", safer_name_suffix(t->th_buf.linkname));
- }
-
- putchar('\n');