svn commit: r281311 - head/usr.bin/ar

[Ed Maste]

Author: emaste
Date: Thu Apr  9 13:45:17 2015
New Revision: 281311
URL: https://svnweb.freebsd.org/changeset/base/281311

Log:
  ar: Disallow directory traversal
  
  Set ARCHIVE_EXTRACT_SECURE_SYMLINKS and ARCHIVE_EXTRACT_SECURE_NODOTDOT
  as in bsdtar to prevent extraction of archive entries whose pathnames
  contain .. or whose target directory would be altered by a symlink.
  Also disallow absolute pathnames.
  
  We don't currently provide an option to disable this behaviour (as
  bsdtar's -P does). It is unlikely to be a problem in practice for ar(1),
  but the -P option is not currently used and available if we want to
  consider it for this purpose.
  
  Differential Revision:	https://reviews.freebsd.org/D1524
  Reported by:	Alexander Cherepanov <cherepan at mccme.ru>
  Approved by:	delphij
  Obtained from:	ELF tool chain ar, Ticket #474
  MFC after:	1 week
  Relnotes:	Yes
  Sponsored by:	The FreeBSD Foundation

Modified:
  head/usr.bin/ar/read.c

Modified: head/usr.bin/ar/read.c
==============================================================================
--- head/usr.bin/ar/read.c	Thu Apr  9 13:09:05 2015	(r281310)
+++ head/usr.bin/ar/read.c	Thu Apr  9 13:45:17 2015	(r281311)
@@ -187,7 +187,15 @@ read_archive(struct bsdar *bsdar, char m
 
 				if (bsdar->options & AR_V)
 					(void)fprintf(stdout, "x - %s\n", name);
-				flags = 0;
+				/* Disallow absolute paths. */
+				if (name[0] == '/') {
+					bsdar_warnc(bsdar, 0,
+					    "Absolute path '%s'", name);
+					continue;
+				}
+				/* Basic path security flags. */
+				flags = ARCHIVE_EXTRACT_SECURE_SYMLINKS | \
+				    ARCHIVE_EXTRACT_SECURE_NODOTDOT;
 				if (bsdar->options & AR_O)
 					flags |= ARCHIVE_EXTRACT_TIME;