author | tron <tron@pkgsrc.org> | 2008-06-08 12:46:49 +0000 |
---|---|---|
committer | tron <tron@pkgsrc.org> | 2008-06-08 12:46:49 +0000 |
commit | 8f44451698d0c0b7a24775b6653a1195775dd35a (patch) | |
tree | 00e19fad17aa7b380cc2b57c34fb490e45fb2cbb /archivers/star/patches/patch-ad | |
parent | 185b233d694e6882bb70971a6936020ce4ac95c2 (diff) | |
download | pkgsrc-8f44451698d0c0b7a24775b6653a1195775dd35a.tar.gz |
Pullup ticket #2420 - requested by tonnerre
Security patch for star
Revisions pulled up:
- archivers/star/Makefile 1.22
- archivers/star/distinfo 1.9
- archivers/star/patches/patch-ad 1.1
---
Module Name: pkgsrc
Committed By: tonnerre
Date: Sun Jun 8 02:40:38 UTC 2008
Modified Files:
pkgsrc/archivers/star: Makefile distinfo
Added Files:
pkgsrc/archivers/star/patches: patch-ad
Log Message:
Fix directory traversal vulnerability (CVE-2007-4134) in star.
Diffstat (limited to 'archivers/star/patches/patch-ad')
-rw-r--r-- | archivers/star/patches/patch-ad | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/archivers/star/patches/patch-ad b/archivers/star/patches/patch-ad
new file mode 100644
index 00000000000..11577c61eb9
--- /dev/null
+++ b/archivers/star/patches/patch-ad
@@ -0,0 +1,64 @@
+$NetBSD: patch-ad,v 1.1.2.2 2008/06/08 12:46:49 tron Exp $
+
+--- star/extract.c.orig 2002-05-02 22:02:41.000000000 +0200
++++ star/extract.c
+@@ -92,6 +92,7 @@ EXPORT int xt_file __PR((FINFO * info,
+ int (*)(void *, char *, int),
+ void *arg, int amt, char* text));
+ EXPORT void skip_slash __PR((FINFO * info));
++LOCAL BOOL has_dotdot __PR((char *name));
+
+ EXPORT void
+ extract(vhname)
+@@ -152,6 +153,12 @@ extract(vhname)
+ if (is_symlink(&finfo) && same_symlink(&finfo)) {
+ continue;
+ }
++ if (!interactive && has_dotdot(finfo.f_name)) {
++ errmsgno(EX_BAD, "'%s' contains '..', skipping ...\n",
++ finfo.f_name);
++ void_file(&finfo);
++ return (FALSE);
++ }
+ if (interactive && !ia_change(ptb, &finfo)) {
+ if (!nflag)
+ fprintf(vpr, "Skipping ...\n");
+@@ -169,6 +176,12 @@ extract(vhname)
+ if (!make_dir(&finfo))
+ continue;
+ } else if (is_link(&finfo)) {
++ if (!interactive && has_dotdot(finfo.f_lname)) {
++ errmsgno(EX_BAD, "'%s' contains '..', "
++ "skipping ...\n", finfo.f_lname);
++ void_file(&finfo);
++ return (FALSE);
++ }
+ if (!make_link(&finfo))
+ continue;
+ } else if (is_symlink(&finfo)) {
+@@ -830,3 +843,25 @@ skip_slash(info)
+ while (info->f_lname[0] == '/')
+ info->f_lname++;
+ }
++
++LOCAL BOOL
++has_dotdot(name)
++ char *name;
++{
++ register char *p = name;
++
++ while (*p) {
++ if ((p[0] == '.' && p[1] == '.') &&
++ (p[2] == '/' || p[2] == '\0')) {
++ return (TRUE);
++ }
++ do {
++ if (*p++ == '\0')
++ return (FALSE);
++ } while (*p != '/');
++ p++;
++ while (*p && *p == '/') /* Skip multiple slashes */
++ p++;
++ }
++ return (FALSE);
++}
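Review bot: The added `return (FALSE);` in both new `has_dotdot` guards sits inside `extract()`, which the context at the top of the patch declares `EXPORT void` (unless `EXPORT` expands to something unusual), so it is a return with a value in a void function, which compilers diagnose, and unlike the neighbouring `continue` paths it ends extraction at the first offending entry even though the message says "skipping". Since `void_file(&finfo)` has already consumed the entry's data, `continue;` in place of `return (FALSE);` at both sites would compile cleanly and match the message; if aborting on a hostile archive is the intent, the message should say so instead. Both guards are also gated on `!interactive`, which leaves `..` entries to the `ia_change` prompt in interactive mode — presumably deliberate, but worth a comment such as `/* interactive: the user is asked per entry below */`. `has_dotdot` would benefit from a header comment, e.g. `/* TRUE if any '/'-separated component of name is exactly ".." */`; it is applied to f_name and hard-link targets only, and the patch leaves the `is_symlink` branch unchanged. The body of `extract()` starts and ends outside the hunk.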