Date: Tue, 13 Jan 2015 22:22:30 +0000
From: "emaste (Ed Maste)" <phabric-noreply@FreeBSD.org>
To: freebsd-toolchain@freebsd.org
Subject: [Differential] [Request, 10 lines] D1524: ar: Disallow directory traversal
Message-ID: <differential-rev-PHID-DREV-afkdt62nztoqmxtqejuv-req@FreeBSD.org>
emaste created this revision.
emaste added a subscriber: freebsd-toolchain.

REVISION SUMMARY

Set ARCHIVE_EXTRACT_SECURE_SYMLINKS and ARCHIVE_EXTRACT_SECURE_NODOTDOT as in bsdtar to prevent extraction of archive entries whose pathnames contain .. or whose target directory would be altered by a symlink. Also disallow absolute pathnames.

We don't currently provide an option to disable this behaviour (as bsdtar's -P does). It is unlikely to be a problem in practice for ar(1), but the -P option is available if we want to allow it.

Reported by: Alexander Cherepanov <cherepan@mccme.ru>
Elftoolchain ticket: 474

TEST PLAN

From https://sourceforge.net/p/elftoolchain/tickets/474/

~~~
printf '!<arch>\n%-48s%-10s`\n%-48s%-10s`\n' /tmp/file 0 ../file 0 > test.a
n% ./ar -xv test.a
x - /tmp/file
ar: warning: Absolute path '/tmp/file'
x - ../file
ar: warning: Path contains '..'
~~~

REVISION DETAIL

https://reviews.freebsd.org/D1524

AFFECTED FILES

usr.bin/ar/read.c

To: emaste
Cc: freebsd-toolchain