author | sobomax <sobomax@FreeBSD.org> | 2002-10-19 09:32:03 +0000 |
---|---|---|
committer | sobomax <sobomax@FreeBSD.org> | 2002-10-19 09:32:03 +0000 |
commit | ea5cbe7c7d6a705d0ae7ee1995ae852dcd1c5433 (patch) | |
tree | 838aabe79400efdbf81aeb37b25865b86c211f3a /contrib | |
parent | cedf84e6070b1f93f3abe7c9b280fa6351d0cf59 (diff) | |
Fix security bug in contains_dot_dot routine.
PR: 43575
Submitted by: Brett Glass <brett@lariat.org>
X-MFC after: immediately
Diffstat (limited to 'contrib')
-rw-r--r-- | contrib/tar/src/extract.c | 11 | ||||
-rw-r--r-- | contrib/tar/src/misc.c | 7 |
2 files changed, 17 insertions, 1 deletions
diff --git a/contrib/tar/src/extract.c b/contrib/tar/src/extract.c index e492483..3032da0 100644 --- a/contrib/tar/src/extract.c +++ b/contrib/tar/src/extract.c @@ -1026,10 +1026,19 @@ extract_archive (void) { struct stat st1, st2; int e; + size_t skiplinkcrud; + + if (absolute_names_option) + skiplinkcrud = 0; + else { + skiplinkcrud = FILESYSTEM_PREFIX_LEN (current_link_name); + while (ISSLASH (current_link_name[skiplinkcrud])) + skiplinkcrud++; + } /* MSDOS does not implement links. However, djgpp's link() actually copies the file. */ - status = link (current_link_name, CURRENT_FILE_NAME); + status = link (current_link_name + skiplinkcrud, CURRENT_FILE_NAME); if (status == 0) { diff --git a/contrib/tar/src/misc.c b/contrib/tar/src/misc.c index 10851fe..8ece9c6 100644 --- a/contrib/tar/src/misc.c +++ b/contrib/tar/src/misc.c @@ -216,6 +216,13 @@ contains_dot_dot (char const *name) return 0; } while (! ISSLASH (*p)); + + do + { + if (! *p++) + return 0; + } + while ( ISSLASH (*p)); } } |
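Review bot: The stripping added before `link ()` removes only a filesystem prefix and leading slashes from `current_link_name`; nothing in this hunk rejects a link target that still contains a `..` component, so the target could still resolve outside the extraction directory when `absolute_names_option` is off. If no earlier check covers the link name, test `contains_dot_dot (current_link_name + skiplinkcrud)` before the call and handle a hit the same way the file handles an unsafe member name (that code is not visible here). The name `skiplinkcrud` does not say what is skipped, so a comment such as `/* Unless absolute names were requested, drop the prefix and leading slashes so the hard-link target stays relative. */` above the `if` would help. The enclosing function starts and ends outside the hunk.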
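Review bot: The added `do ... while ( ISSLASH (*p));` loop in `contains_dot_dot` leaves `p` on the first character after the run of slashes, so the result depends on the enclosing loop header, which is outside the hunk. If that header still advances `p` on every iteration, the `..` test would start one character late for each later component, and a name ending in a slash would move `p` past the terminating NUL. Inside the added loop `*p` is always a slash when it is tested, so its `return 0` cannot be reached and the loop could be the simpler `while (ISSLASH (*p)) p++;`. Please confirm the header's increment and add test cases for names such as `a/../b`, `a//../b`, `/../b` and `a/`.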