ar: Disallow directory traversal
Set ARCHIVE_EXTRACT_SECURE_SYMLINKS and ARCHIVE_EXTRACT_SECURE_NODOTDOT as in bsdtar to prevent extraction of archive entries whose pathnames contain .. or whose target directory would be altered by a symlink. Also disallow absolute pathnames.

We don't currently provide an option to disable this behaviour (as bsdtar's -P does). It is unlikely to be a problem in practice for ar(1), but the -P option is not currently used and available if we want to consider it for this purpose.

Differential Revision: https://reviews.freebsd.org/D1524
Reported by: Alexander Cherepanov <cherepan@mccme.ru>
Approved by: delphij
Obtained from: ELF tool chain ar, Ticket #474
MFC after: 1 week
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
parent
0ada3afc25
commit
56ad941995
@ -187,7 +187,15 @@ read_archive(struct bsdar *bsdar, char mode)
|
||||
|
||||
if (bsdar->options & AR_V)
|
||||
(void)fprintf(stdout, "x - %s\n", name);
|
||||
flags = 0;
|
||||
/* Disallow absolute paths. */
|
||||
if (name[0] == '/') {
|
||||
bsdar_warnc(bsdar, 0,
|
||||
"Absolute path '%s'", name);
|
||||
continue;
|
||||
}
|
||||
/* Basic path security flags. */
|
||||
flags = ARCHIVE_EXTRACT_SECURE_SYMLINKS | \
|
||||
ARCHIVE_EXTRACT_SECURE_NODOTDOT;
|
||||
if (bsdar->options & AR_O)
|
||||
flags |= ARCHIVE_EXTRACT_TIME;
|
||||
|
||||
|
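Review bot: The new `name[0] == '/'` check sits after the `AR_V` verbose output, so with verbose mode on an absolute-path entry is first reported as `x - name` and then skipped with the "Absolute path" warning. Moving the check above the `fprintf` would keep the verbose listing limited to entries that are actually extracted. The warning text could also say that the entry is being skipped, since the `continue` is not visible to the user. Minor style point: the trailing backslash after `ARCHIVE_EXTRACT_SECURE_SYMLINKS |` is not needed, because this is an ordinary statement and not a macro body.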