Home Esplora Aiuto
Accedi
dfanfdsanfdsa
/
ood-ports-lbsd-fork1
forkato da jimmy/ood-ports-lbsd
Segui 1
Vota 0
Forka 0
File
Ramo (Branch): master
Rami (Branch) Tag
ood-ports-lb...
/
archivers
/
gcpio
/
patches
/
patch-src_copyin_c

patch-src_copyin_c 2.1 KB
Permalink Cronologia Originale

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283 
  1. $OpenBSD: patch-src_copyin_c,v 1.4 2015/09/17 20:16:49 naddy Exp $
    2. 

  2. 

  3. CVE-2015-1197: cpio directory traversal
    4. 

  4. 

  5. --- src/copyin.c.orig	Sat Sep 12 12:57:30 2015
    6. 

  6. +++ src/copyin.c	Wed Sep 16 23:21:15 2015
    7. 

  7. @@ -695,6 +695,51 @@ copyin_link (struct cpio_file_stat *file_hdr, int in_f
    8. 

  8.    free (link_name);
    9. 

  9.  }
    10. 

  10.  
    11. 

  11. +
    12. 

  12. +static int
    13. 

  13. +path_contains_symlink(char *path)
    14. 

  14. +{
    15. 

  15. +  struct stat st;
    16. 

  16. +  char *slash;
    17. 

  17. +  char *nextslash;
    18. 

  18. +
    19. 

  19. +  /* we got NULL pointer or empty string */
    20. 

  20. +  if (!path || !*path) {
    21. 

  21. +    return false;
    22. 

  22. +  }
    23. 

  23. +
    24. 

  24. +  slash = path;
    25. 

  25. +
    26. 

  26. +  while ((nextslash = strchr(slash + 1, '/')) != NULL) {
    27. 

  27. +    slash = nextslash;
    28. 

  28. +    *slash = '\0';
    29. 

  29. +
    30. 

  30. +    if (lstat(path, &st) != 0) {
    31. 

  31. +      if (errno == ELOOP) {
    32. 

  32. +        /* ELOOP - too many symlinks */
    33. 

  33. +        *slash = '/';
    34. 

  34. +        return true;
    35. 

  35. +      } else if (errno == ENOMEM) {
    36. 

  36. +        /* No memory for lstat - terminate */
    37. 

  37. +        xalloc_die();
    38. 

  38. +      } else {
    39. 

  39. +        /* cannot lstat path - give up */
    40. 

  40. +        *slash = '/';
    41. 

  41. +        return false;
    42. 

  42. +      }
    43. 

  43. +    }
    44. 

  44. +
    45. 

  45. +    if (S_ISLNK(st.st_mode)) {
    46. 

  46. +      *slash = '/';
    47. 

  47. +      return true;
    48. 

  48. +    }
    49. 

  49. +
    50. 

  50. +    *slash = '/';
    51. 

  51. +  }
    52. 

  52. +
    53. 

  53. +  return false;
    54. 

  54. +}
    55. 

  55. +
    56. 

  56.  static void
    57. 

  57.  copyin_file (struct cpio_file_stat *file_hdr, int in_file_des)
    58. 

  58.  {
    59. 

  59. @@ -1467,6 +1512,23 @@ process_copy_in ()
    60. 

  60.        else
    61. 

  61.  	{
    62. 

  62.  	  /* Copy the input file into the directory structure.  */
    63. 

  63. +
    64. 

  64. +          /* Can we write files over symlinks? */
    65. 

  65. +          if (!extract_over_symlinks)
    66. 

  66. +            {
    67. 

  67. +              if (path_contains_symlink(file_hdr.c_name))
    68. 

  68. +                {
    69. 

  69. +                  /* skip the file */
    70. 

  70. +                  /*
    71. 

  71. +                  fprintf(stderr, "Can't write over symlinks. Skipping %s\n", file_hdr.c_name);
    72. 

  72. +                  tape_toss_input (in_file_des, file_hdr.c_filesize);
    73. 

  73. +                  tape_skip_padding (in_file_des, file_hdr.c_filesize);
    74. 

  74. +                  continue;
    75. 

  75. +                  */
    76. 

  76. +                  /* terminate */
    77. 

  77. +	          error (PAXEXIT_FAILURE, 0, _("Can't write over symlinks: %s\n"), file_hdr.c_name);
    78. 

  78. +                }
    79. 

  79. +            }
    80. 

  80.  
    81. 

  81.  	  /* Do we need to rename the file? */
    82. 

  82.  	  if (rename_flag || rename_batch_file)
    83. 

  83.