diff options
author | glebius <glebius@FreeBSD.org> | 2016-05-31 16:35:03 +0000 |
---|---|---|
committer | glebius <glebius@FreeBSD.org> | 2016-05-31 16:35:03 +0000 |
commit | a4a1ee276a9b4b2382dbed7d6d278b0a901a5d05 (patch) | |
tree | 59de8ba9bc739e7081aaf3f3c3a3279188d940ba /contrib/libarchive/cpio | |
parent | 8a232783c3444677eb1faa3048123dda21767094 (diff) | |
download | FreeBSD-src-a4a1ee276a9b4b2382dbed7d6d278b0a901a5d05.zip FreeBSD-src-a4a1ee276a9b4b2382dbed7d6d278b0a901a5d05.tar.gz |
Merge r300361 by mm@:
Backport security fix for absolute path traversal
vulnerability in bsdcpio.
Security: CVE-2015-2304
Security: SA-16:22
Approved by: so
Diffstat (limited to 'contrib/libarchive/cpio')
-rw-r--r-- | contrib/libarchive/cpio/bsdcpio.1 | 3 | ||||
-rw-r--r-- | contrib/libarchive/cpio/cpio.c | 3 |
2 files changed, 5 insertions, 1 deletions
diff --git a/contrib/libarchive/cpio/bsdcpio.1 b/contrib/libarchive/cpio/bsdcpio.1 index b3d0d40..7794b0a 100644 --- a/contrib/libarchive/cpio/bsdcpio.1 +++ b/contrib/libarchive/cpio/bsdcpio.1 @@ -156,7 +156,8 @@ See above for description. .It Fl Fl insecure (i and p mode only) Disable security checks during extraction or copying. -This allows extraction via symbolic links and path names containing +This allows extraction via symbolic links, absolute paths, +and path names containing .Sq .. in the name. .It Fl J , Fl Fl xz diff --git a/contrib/libarchive/cpio/cpio.c b/contrib/libarchive/cpio/cpio.c index 7a34b80..9277c9e 100644 --- a/contrib/libarchive/cpio/cpio.c +++ b/contrib/libarchive/cpio/cpio.c @@ -179,6 +179,7 @@ main(int argc, char *argv[]) cpio->extract_flags |= ARCHIVE_EXTRACT_NO_OVERWRITE_NEWER; cpio->extract_flags |= ARCHIVE_EXTRACT_SECURE_SYMLINKS; cpio->extract_flags |= ARCHIVE_EXTRACT_SECURE_NODOTDOT; + cpio->extract_flags |= ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS; cpio->extract_flags |= ARCHIVE_EXTRACT_PERM; cpio->extract_flags |= ARCHIVE_EXTRACT_FFLAGS; cpio->extract_flags |= ARCHIVE_EXTRACT_ACL; @@ -264,6 +265,7 @@ main(int argc, char *argv[]) case OPTION_INSECURE: cpio->extract_flags &= ~ARCHIVE_EXTRACT_SECURE_SYMLINKS; cpio->extract_flags &= ~ARCHIVE_EXTRACT_SECURE_NODOTDOT; + cpio->extract_flags &= ~ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS; break; case 'L': /* GNU cpio */ cpio->option_follow_links = 1; @@ -300,6 +302,7 @@ main(int argc, char *argv[]) "Cannot use both -p and -%c", cpio->mode); cpio->mode = opt; cpio->extract_flags &= ~ARCHIVE_EXTRACT_SECURE_NODOTDOT; + cpio->extract_flags &= ~ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS; break; case OPTION_PRESERVE_OWNER: cpio->extract_flags |= ARCHIVE_EXTRACT_OWNER; |