Marcus Meissner
45e9058a89
- Make use of license %macro
- Applied spec-cleaner
- Added patches:
* arc-5.21p-directory-traversel.patch: Fixes a directory traversal
vulnerability (CVE-2015-9275 bsc#1121032)
* arc-5.21p-fix-arcdie.patch: Fixed a crash on 64 bit machines when arcdie
gets called with more than 1 variable argument
* arc-5.21p-hdrv1-read-fix.patch: Fixed version 1 arc header reading
OBS-URL: https://build.opensuse.org/request/show/663595
OBS-URL: https://build.opensuse.org/package/show/Archiving/arc?expand=0&rev=6
22 lines
944 B
Diff
22 lines
944 B
Diff
Fix directory traversal bugs
|
|
|
|
arc archives do not contain directory hierarchies, only filenames, so refuse
|
|
to operate on archives which have the directory-seperator inside filenames.
|
|
|
|
BugLink: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774527
|
|
BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1179143
|
|
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
|
diff -up arc-5.21p/arcio.c~ arc-5.21p/arcio.c
|
|
--- arc-5.21p/arcio.c~ 2015-01-16 13:04:16.000000000 +0100
|
|
+++ arc-5.21p/arcio.c 2015-01-16 15:45:31.389010626 +0100
|
|
@@ -109,6 +109,9 @@ readhdr(hdr, f) /* read a header from
|
|
#if _MTS
|
|
(void) atoe(hdr->name, strlen(hdr->name));
|
|
#endif
|
|
+ if (strchr(hdr->name, CUTOFF) != NULL)
|
|
+ arcdie("%s contains illegal filename %s", arcname, hdr->name);
|
|
+
|
|
for (i = 0, hdr->size=0; i<4; hdr->size<<=8, hdr->size += dummy[16-i], i++);
|
|
hdr->date = (short) ((dummy[18] << 8) + dummy[17]);
|
|
hdr->time = (short) ((dummy[20] << 8) + dummy[19]);
|