[Differential] [Request, 10 lines] D1524: ar: Disallow directory traversal
emaste (Ed Maste)
phabric-noreply at FreeBSD.org
Tue Jan 13 22:22:31 UTC 2015
emaste created this revision.
emaste added a subscriber: freebsd-toolchain.
REVISION SUMMARY
Set ARCHIVE_EXTRACT_SECURE_SYMLINKS and ARCHIVE_EXTRACT_SECURE_NODOTDOT as in bsdtar to prevent extraction of archive entries whose pathnames contain .. or whose target directory would be altered by a symlink. Also disallow absolute pathnames.
We don't currently provide an option to disable this behaviour (as bsdtar's -P does). It is unlikely to be a problem in practice for ar(1), but the -P option is available if we want to allow it.
Reported by: Alexander Cherepanov <cherepan at mccme.ru>
Elftoolchain ticket: 474
TEST PLAN
From https://sourceforge.net/p/elftoolchain/tickets/474/
~~~
printf '!<arch>\n%-48s%-10s`\n%-48s%-10s`\n' /tmp/file 0 ../file 0 > test.a
n% ./ar -xv test.a
x - /tmp/file
ar: warning: Absolute path '/tmp/file'
x - ../file
ar: warning: Path contains '..'
~~~
REVISION DETAIL
https://reviews.freebsd.org/D1524
AFFECTED FILES
usr.bin/ar/read.c
To: emaste
Cc: freebsd-toolchain
More information about the freebsd-toolchain
mailing list