diff options
author | V3n3RiX <venerix@redcorelinux.org> | 2018-07-14 21:03:06 +0100 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2018-07-14 21:03:06 +0100 |
commit | 8376ef56580626e9c0f796d5b85b53a0a1c7d5f5 (patch) | |
tree | 7681bbd4e8b05407772df40a4bf04cbbc8afc3fa /dev-libs/libtar/files/CVE-2013-4420.patch | |
parent | 30a9caf154332f12ca60756e1b75d2f0e3e1822d (diff) |
gentoo resync : 14.07.2018
Diffstat (limited to 'dev-libs/libtar/files/CVE-2013-4420.patch')
-rw-r--r-- | dev-libs/libtar/files/CVE-2013-4420.patch | 94 |
1 files changed, 94 insertions, 0 deletions
diff --git a/dev-libs/libtar/files/CVE-2013-4420.patch b/dev-libs/libtar/files/CVE-2013-4420.patch new file mode 100644 index 000000000000..833ff7b1dbb3 --- /dev/null +++ b/dev-libs/libtar/files/CVE-2013-4420.patch @@ -0,0 +1,94 @@ +--- a/lib/decode.c 2013-10-09 09:59:44.000000000 -0700 ++++ b/lib/decode.c 2015-07-20 20:57:58.331945962 -0700 +@@ -21,24 +21,55 @@ + # include <string.h> + #endif + ++char * ++safer_name_suffix (char const *file_name) ++{ ++ char const *p, *t; ++ p = t = file_name; ++ while (*p) ++ { ++ if (p[0] == '.' && p[0] == p[1] && p[2] == '/') ++ { ++ p += 3; ++ t = p; ++ } ++ /* advance pointer past the next slash */ ++ while (*p && (p++)[0] != '/'); ++ } ++ ++ if (!*t) ++ { ++ t = "."; ++ } ++ ++ if (t != file_name) ++ { ++ /* TODO: warn somehow that the path was modified */ ++ } ++ return (char*)t; ++} ++ + + /* determine full path name */ + char * + th_get_pathname(TAR *t) + { + static TLS_THREAD char filename[MAXPATHLEN]; ++ char *safer_name; + + if (t->th_buf.gnu_longname) +- return t->th_buf.gnu_longname; ++ return safer_name_suffix(t->th_buf.gnu_longname); ++ ++ safer_name = safer_name_suffix(t->th_buf.name); + + if (t->th_buf.prefix[0] != '\0') + { + snprintf(filename, sizeof(filename), "%.155s/%.100s", +- t->th_buf.prefix, t->th_buf.name); ++ t->th_buf.prefix, safer_name); + return filename; + } + +- snprintf(filename, sizeof(filename), "%.100s", t->th_buf.name); ++ snprintf(filename, sizeof(filename), "%.100s", safer_name); + return filename; + } + +--- a/lib/extract.c 2013-10-09 09:59:44.000000000 -0700 ++++ b/lib/extract.c 2015-07-20 21:00:16.560956122 -0700 +@@ -305,7 +305,7 @@ + linktgt = &lnp[strlen(lnp) + 1]; + } + else +- linktgt = th_get_linkname(t); ++ linktgt = safer_name_suffix(th_get_linkname(t)); + + #ifdef DEBUG + printf(" ==> extracting: %s (link to %s)\n", filename, linktgt); +@@ -343,9 +343,9 @@ + + #ifdef DEBUG + printf(" ==> extracting: %s (symlink to %s)\n", +- filename, th_get_linkname(t)); ++ filename, safer_name_suffix(th_get_linkname(t))); + #endif +- if (symlink(th_get_linkname(t), filename) == -1) ++ if (symlink(safer_name_suffix(th_get_linkname(t)), filename) == -1) + { + #ifdef DEBUG + perror("symlink()"); +--- a/lib/internal.h 2013-10-09 09:59:44.000000000 -0700 ++++ b/lib/internal.h 2015-07-20 21:00:51.258958673 -0700 +@@ -15,6 +15,7 @@ + + #include <libtar.h> + ++char* safer_name_suffix(char const*); + #ifdef TLS + #define TLS_THREAD TLS + #else |