diff options
| author | Denys Vlasenko <vda.linux@googlemail.com> | 2015-02-10 01:30:43 +0100 |
|---|---|---|
| committer | Denys Vlasenko <vda.linux@googlemail.com> | 2015-02-10 01:30:43 +0100 |
| commit | 8c06bc6ba14949d945eff0abcabab885f1ef7680 (patch) | |
| tree | 438b36b8264a1b257d4fb3e6293dcda1a4ac9d35 /archival/libarchive | |
| parent | 23cfaab47de7392c1ba7d601a05fb36da3629b28 (diff) | |
| download | busybox-w32-8c06bc6ba14949d945eff0abcabab885f1ef7680.tar.gz busybox-w32-8c06bc6ba14949d945eff0abcabab885f1ef7680.tar.bz2 busybox-w32-8c06bc6ba14949d945eff0abcabab885f1ef7680.zip | |
unzip: prevent attacks via malicious filenames
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'archival/libarchive')
| -rw-r--r-- | archival/libarchive/Kbuild.src | 5 | ||||
| -rw-r--r-- | archival/libarchive/get_header_tar.c | 30 | ||||
| -rw-r--r-- | archival/libarchive/unsafe_prefix.c | 36 |
3 files changed, 39 insertions, 32 deletions
diff --git a/archival/libarchive/Kbuild.src b/archival/libarchive/Kbuild.src index 7e89e9e89..b7faaf77f 100644 --- a/archival/libarchive/Kbuild.src +++ b/archival/libarchive/Kbuild.src | |||
| @@ -30,6 +30,7 @@ COMMON_FILES:= \ | |||
| 30 | DPKG_FILES:= \ | 30 | DPKG_FILES:= \ |
| 31 | unpack_ar_archive.o \ | 31 | unpack_ar_archive.o \ |
| 32 | filter_accept_list_reassign.o \ | 32 | filter_accept_list_reassign.o \ |
| 33 | unsafe_prefix.o \ | ||
| 33 | get_header_ar.o \ | 34 | get_header_ar.o \ |
| 34 | get_header_tar.o \ | 35 | get_header_tar.o \ |
| 35 | get_header_tar_gz.o \ | 36 | get_header_tar_gz.o \ |
| @@ -44,7 +45,7 @@ lib-$(CONFIG_DPKG_DEB) += $(DPKG_FILES) | |||
| 44 | 45 | ||
| 45 | lib-$(CONFIG_AR) += get_header_ar.o unpack_ar_archive.o | 46 | lib-$(CONFIG_AR) += get_header_ar.o unpack_ar_archive.o |
| 46 | lib-$(CONFIG_CPIO) += get_header_cpio.o | 47 | lib-$(CONFIG_CPIO) += get_header_cpio.o |
| 47 | lib-$(CONFIG_TAR) += get_header_tar.o | 48 | lib-$(CONFIG_TAR) += get_header_tar.o unsafe_prefix.o |
| 48 | lib-$(CONFIG_FEATURE_TAR_TO_COMMAND) += data_extract_to_command.o | 49 | lib-$(CONFIG_FEATURE_TAR_TO_COMMAND) += data_extract_to_command.o |
| 49 | lib-$(CONFIG_LZOP) += lzo1x_1.o lzo1x_1o.o lzo1x_d.o | 50 | lib-$(CONFIG_LZOP) += lzo1x_1.o lzo1x_1o.o lzo1x_d.o |
| 50 | lib-$(CONFIG_LZOP_COMPR_HIGH) += lzo1x_9x.o | 51 | lib-$(CONFIG_LZOP_COMPR_HIGH) += lzo1x_9x.o |
| @@ -53,7 +54,7 @@ lib-$(CONFIG_UNLZMA) += open_transformer.o decompress_unlzma. | |||
| 53 | lib-$(CONFIG_UNXZ) += open_transformer.o decompress_unxz.o | 54 | lib-$(CONFIG_UNXZ) += open_transformer.o decompress_unxz.o |
| 54 | lib-$(CONFIG_GUNZIP) += open_transformer.o decompress_gunzip.o | 55 | lib-$(CONFIG_GUNZIP) += open_transformer.o decompress_gunzip.o |
| 55 | lib-$(CONFIG_UNCOMPRESS) += open_transformer.o decompress_uncompress.o | 56 | lib-$(CONFIG_UNCOMPRESS) += open_transformer.o decompress_uncompress.o |
| 56 | lib-$(CONFIG_UNZIP) += open_transformer.o decompress_gunzip.o | 57 | lib-$(CONFIG_UNZIP) += open_transformer.o decompress_gunzip.o unsafe_prefix.o |
| 57 | lib-$(CONFIG_RPM2CPIO) += open_transformer.o decompress_gunzip.o get_header_cpio.o | 58 | lib-$(CONFIG_RPM2CPIO) += open_transformer.o decompress_gunzip.o get_header_cpio.o |
| 58 | lib-$(CONFIG_RPM) += open_transformer.o decompress_gunzip.o get_header_cpio.o | 59 | lib-$(CONFIG_RPM) += open_transformer.o decompress_gunzip.o get_header_cpio.o |
| 59 | 60 | ||
diff --git a/archival/libarchive/get_header_tar.c b/archival/libarchive/get_header_tar.c index ba43bb073..0c663fbd7 100644 --- a/archival/libarchive/get_header_tar.c +++ b/archival/libarchive/get_header_tar.c | |||
| @@ -17,36 +17,6 @@ | |||
| 17 | typedef uint32_t aliased_uint32_t FIX_ALIASING; | 17 | typedef uint32_t aliased_uint32_t FIX_ALIASING; |
| 18 | typedef off_t aliased_off_t FIX_ALIASING; | 18 | typedef off_t aliased_off_t FIX_ALIASING; |
| 19 | 19 | ||
| 20 | |||
| 21 | const char* FAST_FUNC strip_unsafe_prefix(const char *str) | ||
| 22 | { | ||
| 23 | const char *cp = str; | ||
| 24 | while (1) { | ||
| 25 | char *cp2; | ||
| 26 | if (*cp == '/') { | ||
| 27 | cp++; | ||
| 28 | continue; | ||
| 29 | } | ||
| 30 | if (strncmp(cp, "/../"+1, 3) == 0) { | ||
| 31 | cp += 3; | ||
| 32 | continue; | ||
| 33 | } | ||
| 34 | cp2 = strstr(cp, "/../"); | ||
| 35 | if (!cp2) | ||
| 36 | break; | ||
| 37 | cp = cp2 + 4; | ||
| 38 | } | ||
| 39 | if (cp != str) { | ||
| 40 | static smallint warned = 0; | ||
| 41 | if (!warned) { | ||
| 42 | warned = 1; | ||
| 43 | bb_error_msg("removing leading '%.*s' from member names", | ||
| 44 | (int)(cp - str), str); | ||
| 45 | } | ||
| 46 | } | ||
| 47 | return cp; | ||
| 48 | } | ||
| 49 | |||
| 50 | /* NB: _DESTROYS_ str[len] character! */ | 20 | /* NB: _DESTROYS_ str[len] character! */ |
| 51 | static unsigned long long getOctal(char *str, int len) | 21 | static unsigned long long getOctal(char *str, int len) |
| 52 | { | 22 | { |
diff --git a/archival/libarchive/unsafe_prefix.c b/archival/libarchive/unsafe_prefix.c new file mode 100644 index 000000000..826c673bf --- /dev/null +++ b/archival/libarchive/unsafe_prefix.c | |||
| @@ -0,0 +1,36 @@ | |||
| 1 | /* vi: set sw=4 ts=4: */ | ||
| 2 | /* | ||
| 3 | * Licensed under GPLv2 or later, see file LICENSE in this source tree. | ||
| 4 | */ | ||
| 5 | |||
| 6 | #include "libbb.h" | ||
| 7 | #include "bb_archive.h" | ||
| 8 | |||
| 9 | const char* FAST_FUNC strip_unsafe_prefix(const char *str) | ||
| 10 | { | ||
| 11 | const char *cp = str; | ||
| 12 | while (1) { | ||
| 13 | char *cp2; | ||
| 14 | if (*cp == '/') { | ||
| 15 | cp++; | ||
| 16 | continue; | ||
| 17 | } | ||
| 18 | if (strncmp(cp, "/../"+1, 3) == 0) { | ||
| 19 | cp += 3; | ||
| 20 | continue; | ||
| 21 | } | ||
| 22 | cp2 = strstr(cp, "/../"); | ||
| 23 | if (!cp2) | ||
| 24 | break; | ||
| 25 | cp = cp2 + 4; | ||
| 26 | } | ||
| 27 | if (cp != str) { | ||
| 28 | static smallint warned = 0; | ||
| 29 | if (!warned) { | ||
| 30 | warned = 1; | ||
| 31 | bb_error_msg("removing leading '%.*s' from member names", | ||
| 32 | (int)(cp - str), str); | ||
| 33 | } | ||
| 34 | } | ||
| 35 | return cp; | ||
| 36 | } | ||