pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/archivers/star Fix directory traversal vulnerability (...
details: https://anonhg.NetBSD.org/pkgsrc/rev/ee122ae4c40a
branches: trunk
changeset: 543180:ee122ae4c40a
user: tonnerre <tonnerre%pkgsrc.org@localhost>
date: Sun Jun 08 02:40:38 2008 +0000
description:
Fix directory traversal vulnerability (CVE-2007-4134) in star.
diffstat:
archivers/star/Makefile | 4 +-
archivers/star/distinfo | 3 +-
archivers/star/patches/patch-ad | 64 +++++++++++++++++++++++++++++++++++++++++
3 files changed, 68 insertions(+), 3 deletions(-)
diffs (96 lines):
diff -r 4b2e668da952 -r ee122ae4c40a archivers/star/Makefile
--- a/archivers/star/Makefile Sun Jun 08 01:23:26 2008 +0000
+++ b/archivers/star/Makefile Sun Jun 08 02:40:38 2008 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.21 2007/12/30 17:25:41 cjep Exp $
+# $NetBSD: Makefile,v 1.22 2008/06/08 02:40:38 tonnerre Exp $
#
DISTNAME= star-1.4.3
-PKGREVISION= 3
+PKGREVISION= 4
CATEGORIES= archivers
MASTER_SITES= ftp://ftp.berlios.de/pub/star/
diff -r 4b2e668da952 -r ee122ae4c40a archivers/star/distinfo
--- a/archivers/star/distinfo Sun Jun 08 01:23:26 2008 +0000
+++ b/archivers/star/distinfo Sun Jun 08 02:40:38 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.8 2007/12/30 17:25:42 cjep Exp $
+$NetBSD: distinfo,v 1.9 2008/06/08 02:40:38 tonnerre Exp $
SHA1 (star-1.4.3.tar.gz) = c59b68d97edba77a9ac6000be04d457ded1eefe9
RMD160 (star-1.4.3.tar.gz) = f7ec71bfab1723c994e5eed7e6818394a41d44d9
@@ -6,3 +6,4 @@
SHA1 (patch-aa) = 4fe4af396adf23eb7ac071b02a7bf726ab1e4318
SHA1 (patch-ab) = aea3af88d3bedf2ce7a7744c90062ba4e57bb79f
SHA1 (patch-ac) = 81e6361db3903e5b04fae4e70ad3a37f9a2f4fa7
+SHA1 (patch-ad) = 8e9fff0b8345a1997ae08a5c5e57260b4c5f8090
diff -r 4b2e668da952 -r ee122ae4c40a archivers/star/patches/patch-ad
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/archivers/star/patches/patch-ad Sun Jun 08 02:40:38 2008 +0000
@@ -0,0 +1,64 @@
+$NetBSD: patch-ad,v 1.1 2008/06/08 02:40:38 tonnerre Exp $
+
+--- star/extract.c.orig 2002-05-02 22:02:41.000000000 +0200
++++ star/extract.c
+@@ -92,6 +92,7 @@ EXPORT int xt_file __PR((FINFO * info,
+ int (*)(void *, char *, int),
+ void *arg, int amt, char* text));
+ EXPORT void skip_slash __PR((FINFO * info));
++LOCAL BOOL has_dotdot __PR((char *name));
+
+ EXPORT void
+ extract(vhname)
+@@ -152,6 +153,12 @@ extract(vhname)
+ if (is_symlink(&finfo) && same_symlink(&finfo)) {
+ continue;
+ }
++ if (!interactive && has_dotdot(finfo.f_name)) {
++ errmsgno(EX_BAD, "'%s' contains '..', skipping ...\n",
++ finfo.f_name);
++ void_file(&finfo);
++ return (FALSE);
++ }
+ if (interactive && !ia_change(ptb, &finfo)) {
+ if (!nflag)
+ fprintf(vpr, "Skipping ...\n");
+@@ -169,6 +176,12 @@ extract(vhname)
+ if (!make_dir(&finfo))
+ continue;
+ } else if (is_link(&finfo)) {
++ if (!interactive && has_dotdot(finfo.f_lname)) {
++ errmsgno(EX_BAD, "'%s' contains '..', "
++ "skipping ...\n", finfo.f_lname);
++ void_file(&finfo);
++ return (FALSE);
++ }
+ if (!make_link(&finfo))
+ continue;
+ } else if (is_symlink(&finfo)) {
+@@ -830,3 +843,25 @@ skip_slash(info)
+ while (info->f_lname[0] == '/')
+ info->f_lname++;
+ }
++
++LOCAL BOOL
++has_dotdot(name)
++ char *name;
++{
++ register char *p = name;
++
++ while (*p) {
++ if ((p[0] == '.' && p[1] == '.') &&
++ (p[2] == '/' || p[2] == '\0')) {
++ return (TRUE);
++ }
++ do {
++ if (*p++ == '\0')
++ return (FALSE);
++ } while (*p != '/');
++ p++;
++ while (*p && *p == '/') /* Skip multiple slashes */
++ p++;
++ }
++ return (FALSE);
++}
Home |
Main Index |
Thread Index |
Old Index