Home Explore Help
Register Sign In
wareck
/
lede_packages
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
lede_packages
/
utils
/
tar
/
patches
/
001-CVE-2016-6321.patch

001-CVE-2016-6321.patch 933 B
Permalink History Raw

123456789101112131415161718192021222324252627282930 
  1. From 7340f67b9860ea0531c1450e5aa261c50f67165d Mon Sep 17 00:00:00 2001
    2. 

  2. From: Paul Eggert <eggert@Penguin.CS.UCLA.EDU>
    3. 

  3. Date: Sat, 29 Oct 2016 21:04:40 -0700
    4. 

  4. Subject: When extracting, skip ".." members
    5. 

  5. 

  6. * src/extract.c (extract_archive): Skip members whose names
    7. 

  7. contain "..".
    8. 

  8. --- a/src/extract.c
    9. 

  9. +++ b/src/extract.c
    10. 

  10. @@ -1629,12 +1629,20 @@ extract_archive (void)
    11. 

  11.  {
    12. 

  12.    char typeflag;
    13. 

  13.    tar_extractor_t fun;
    14. 

  14. +  bool skip_dotdot_name;
    15. 

  15.  
    16. 

  16.    fatal_exit_hook = extract_finish;
    17. 

  17.  
    18. 

  18.    set_next_block_after (current_header);
    19. 

  19.  
    20. 

  20. +  skip_dotdot_name = (!absolute_names_option
    21. 

  21. +		      && contains_dot_dot (current_stat_info.orig_file_name));
    22. 

  22. +  if (skip_dotdot_name)
    23. 

  23. +    ERROR ((0, 0, _("%s: Member name contains '..'"),
    24. 

  24. +	    quotearg_colon (current_stat_info.orig_file_name)));
    25. 

  25. +
    26. 

  26.    if (!current_stat_info.file_name[0]
    27. 

  27. +      || skip_dotdot_name
    28. 

  28.        || (interactive_option
    29. 

  29.  	  && !confirm ("extract", current_stat_info.file_name)))
    30. 

  30.      {
    31.