pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/archivers/star Fix directory traversal vulnerability (...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/ee122ae4c40a
branches:  trunk
changeset: 543180:ee122ae4c40a
user:      tonnerre <tonnerre%pkgsrc.org@localhost>
date:      Sun Jun 08 02:40:38 2008 +0000

description:
Fix directory traversal vulnerability (CVE-2007-4134) in star.

diffstat:

 archivers/star/Makefile         |   4 +-
 archivers/star/distinfo         |   3 +-
 archivers/star/patches/patch-ad |  64 +++++++++++++++++++++++++++++++++++++++++
 3 files changed, 68 insertions(+), 3 deletions(-)

diffs (96 lines):

diff -r 4b2e668da952 -r ee122ae4c40a archivers/star/Makefile
--- a/archivers/star/Makefile   Sun Jun 08 01:23:26 2008 +0000
+++ b/archivers/star/Makefile   Sun Jun 08 02:40:38 2008 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.21 2007/12/30 17:25:41 cjep Exp $
+# $NetBSD: Makefile,v 1.22 2008/06/08 02:40:38 tonnerre Exp $
 #
 
 DISTNAME=      star-1.4.3
-PKGREVISION=   3
+PKGREVISION=   4
 CATEGORIES=    archivers
 MASTER_SITES=  ftp://ftp.berlios.de/pub/star/
 
diff -r 4b2e668da952 -r ee122ae4c40a archivers/star/distinfo
--- a/archivers/star/distinfo   Sun Jun 08 01:23:26 2008 +0000
+++ b/archivers/star/distinfo   Sun Jun 08 02:40:38 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.8 2007/12/30 17:25:42 cjep Exp $
+$NetBSD: distinfo,v 1.9 2008/06/08 02:40:38 tonnerre Exp $
 
 SHA1 (star-1.4.3.tar.gz) = c59b68d97edba77a9ac6000be04d457ded1eefe9
 RMD160 (star-1.4.3.tar.gz) = f7ec71bfab1723c994e5eed7e6818394a41d44d9
@@ -6,3 +6,4 @@
 SHA1 (patch-aa) = 4fe4af396adf23eb7ac071b02a7bf726ab1e4318
 SHA1 (patch-ab) = aea3af88d3bedf2ce7a7744c90062ba4e57bb79f
 SHA1 (patch-ac) = 81e6361db3903e5b04fae4e70ad3a37f9a2f4fa7
+SHA1 (patch-ad) = 8e9fff0b8345a1997ae08a5c5e57260b4c5f8090
diff -r 4b2e668da952 -r ee122ae4c40a archivers/star/patches/patch-ad
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/archivers/star/patches/patch-ad   Sun Jun 08 02:40:38 2008 +0000
@@ -0,0 +1,64 @@
+$NetBSD: patch-ad,v 1.1 2008/06/08 02:40:38 tonnerre Exp $
+
+--- star/extract.c.orig        2002-05-02 22:02:41.000000000 +0200
++++ star/extract.c
+@@ -92,6 +92,7 @@ EXPORT       int     xt_file         __PR((FINFO * info,
+                                       int (*)(void *, char *, int),
+                                       void *arg, int amt, char* text));
+ EXPORT        void    skip_slash      __PR((FINFO * info));
++LOCAL BOOL    has_dotdot      __PR((char *name));
+ 
+ EXPORT void
+ extract(vhname)
+@@ -152,6 +153,12 @@ extract(vhname)
+               if (is_symlink(&finfo) && same_symlink(&finfo)) {
+                       continue;
+               }
++              if (!interactive && has_dotdot(finfo.f_name)) {
++                      errmsgno(EX_BAD, "'%s' contains '..', skipping ...\n",
++                              finfo.f_name);
++                      void_file(&finfo);
++                      return (FALSE);
++              }
+               if (interactive && !ia_change(ptb, &finfo)) {
+                       if (!nflag)
+                               fprintf(vpr, "Skipping ...\n");
+@@ -169,6 +176,12 @@ extract(vhname)
+                       if (!make_dir(&finfo))
+                               continue;
+               } else if (is_link(&finfo)) {
++                      if (!interactive && has_dotdot(finfo.f_lname)) {
++                              errmsgno(EX_BAD, "'%s' contains '..', "
++                                      "skipping ...\n", finfo.f_lname);
++                              void_file(&finfo);
++                              return (FALSE);
++                      }
+                       if (!make_link(&finfo))
+                               continue;
+               } else if (is_symlink(&finfo)) {
+@@ -830,3 +843,25 @@ skip_slash(info)
+       while (info->f_lname[0] == '/')
+               info->f_lname++;
+ }
++
++LOCAL BOOL
++has_dotdot(name)
++      char    *name;
++{
++      register char   *p = name;
++
++      while (*p) {
++              if ((p[0] == '.' && p[1] == '.') &&
++                  (p[2] == '/' || p[2] == '\0')) {
++                      return (TRUE);
++              }
++              do {
++                      if (*p++ == '\0')
++                              return (FALSE);
++              } while (*p != '/');
++              p++;
++              while (*p && *p == '/') /* Skip multiple slashes */
++                      p++;
++      }
++      return (FALSE);
++}



Home | Main Index | Thread Index | Old Index