1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
|
$NetBSD: patch-ad,v 1.4 2010/01/09 19:10:46 dholland Exp $
1. security fix
2. utimes() fixes for netbsd-6 time_t
upstream: (1) unknown (2) not reported, docs in .jp only, wakarimasen :(
--- src/lhext.c.orig 2000-10-04 10:57:38.000000000 -0400
+++ src/lhext.c 2009-02-13 18:42:35.000000000 -0500
@@ -143,13 +143,15 @@ adjust_info(name, hdr)
char *name;
LzHeader *hdr;
{
- time_t utimebuf[2];
+ struct timeval utimebuf[2];
/* adjust file stamp */
- utimebuf[0] = utimebuf[1] = hdr->unix_last_modified_stamp;
+ utimebuf[0].tv_sec = hdr->unix_last_modified_stamp;
+ utimebuf[0].tv_usec = 0;
+ utimebuf[1] = utimebuf[0];
if ((hdr->unix_mode & UNIX_FILE_TYPEMASK) != UNIX_FILE_SYMLINK)
- utime(name, utimebuf);
+ utimes(name, utimebuf);
if (hdr->extend_type == EXTEND_UNIX
|| hdr->extend_type == EXTEND_OS68K
@@ -190,8 +192,13 @@ extract_one(afp, hdr)
q = (char *) rindex(hdr->name, '/') + 1;
}
else {
+ if (is_directory_traversal(q)) {
+ fprintf(stderr, "Possible directory traversal hack attempt in %s\n", q);
+ exit(111);
+ }
+
if (*q == '/') {
- q++;
+ while (*q == '/') { q++; }
/*
* if OSK then strip device name
*/
@@ -419,6 +426,33 @@ cmd_extract()
return;
}
+int
+is_directory_traversal(char *string)
+{
+ unsigned int type = 0; /* 0 = new, 1 = only dots, 2 = other chars than dots */
+ char *temp;
+
+ temp = string;
+
+ while (*temp != 0) {
+ if (temp[0] == '/') {
+ if (type == 1) { return 1; }
+ type = 0;
+ temp++;
+ continue;
+ }
+
+ if ((temp[0] == '.') && (type < 2))
+ type = 1;
+ if (temp[0] != '.')
+ type = 2;
+
+ temp++;
+ } /* while */
+
+ return (type == 1);
+}
+
/* Local Variables: */
/* mode:c */
/* tab-width:4 */
|
