svn commit: r281311 - head/usr.bin/ar
Ed Maste
emaste at FreeBSD.org
Thu Apr 9 13:45:18 UTC 2015
Author: emaste
Date: Thu Apr 9 13:45:17 2015
New Revision: 281311
URL: https://svnweb.freebsd.org/changeset/base/281311
Log:
ar: Disallow directory traversal
Set ARCHIVE_EXTRACT_SECURE_SYMLINKS and ARCHIVE_EXTRACT_SECURE_NODOTDOT
as in bsdtar to prevent extraction of archive entries whose pathnames
contain .. or whose target directory would be altered by a symlink.
Also disallow absolute pathnames.
We don't currently provide an option to disable this behaviour (as
bsdtar's -P does). It is unlikely to be a problem in practice for ar(1),
but the -P option is not currently used and available if we want to
consider it for this purpose.
Differential Revision: https://reviews.freebsd.org/D1524
Reported by: Alexander Cherepanov <cherepan at mccme.ru>
Approved by: delphij
Obtained from: ELF tool chain ar, Ticket #474
MFC after: 1 week
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Modified:
head/usr.bin/ar/read.c
Modified: head/usr.bin/ar/read.c
==============================================================================
--- head/usr.bin/ar/read.c Thu Apr 9 13:09:05 2015 (r281310)
+++ head/usr.bin/ar/read.c Thu Apr 9 13:45:17 2015 (r281311)
@@ -187,7 +187,15 @@ read_archive(struct bsdar *bsdar, char m
if (bsdar->options & AR_V)
(void)fprintf(stdout, "x - %s\n", name);
- flags = 0;
+ /* Disallow absolute paths. */
+ if (name[0] == '/') {
+ bsdar_warnc(bsdar, 0,
+ "Absolute path '%s'", name);
+ continue;
+ }
+ /* Basic path security flags. */
+ flags = ARCHIVE_EXTRACT_SECURE_SYMLINKS | \
+ ARCHIVE_EXTRACT_SECURE_NODOTDOT;
if (bsdar->options & AR_O)
flags |= ARCHIVE_EXTRACT_TIME;
More information about the svn-src-head
mailing list