archival: disallow path traversals (CVE-2023-39810) - busybox-w32 - A mirror of https://github.com/rmyorston/busybox-w32.git

diff options

author	Denys Vlasenko <vda.linux@googlemail.com>	2024-10-02 10:12:05 +0200
committer	Denys Vlasenko <vda.linux@googlemail.com>	2025-04-16 03:03:17 +0200
commit	9a8796436b9b0641e13480811902ea2ac57881d3 (patch)
tree	700c1500ed7ecaade8e77078a964d71740359ea9 /scripts/mkdiff_obj
parent	fc466720b5e8611f485bc574c0114d5037525f92 (diff)
download	busybox-w32-9a8796436b9b0641e13480811902ea2ac57881d3.tar.gz busybox-w32-9a8796436b9b0641e13480811902ea2ac57881d3.tar.bz2 busybox-w32-9a8796436b9b0641e13480811902ea2ac57881d3.zip

archival: disallow path traversals (CVE-2023-39810)

Create new configure option for archival/libarchive based extractions to disallow path traversals. As this is a paranoid option and might introduce backward incompatibility, default it to no. Fixes: CVE-2023-39810 Based on the patch by Peter Kaestle <peter.kaestle@nokia.com> function old new delta data_extract_all 921 945 +24 strip_unsafe_prefix 101 102 +1 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 2/0 up/down: 25/0) Total: 25 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>

Diffstat (limited to 'scripts/mkdiff_obj')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: