Blame SOURCES/gcc32-CVE-2006-3619.patch
|
 |
6f1b0c |
2006-07-17 Richard Guenther <rguenther@suse.de>
|
|
|
6f1b0c |
|
|
|
6f1b0c |
* jartool.c (extract_jar): Do not allow directory traversal
|
|
|
6f1b0c |
to parents of the extraction root.
|
|
|
6f1b0c |
|
|
|
6f1b0c |
--- fastjar/jartool.c.jj 2006-07-11 10:53:39.000000000 +0200
|
|
|
6f1b0c |
+++ fastjar/jartool.c 2006-07-18 13:49:39.000000000 +0200
|
|
|
6f1b0c |
@@ -1736,6 +1736,7 @@ int extract_jar(int fd, char **files, in
|
|
|
6f1b0c |
const ub1 *start = filename;
|
|
|
6f1b0c |
char *tmp_buff;
|
|
|
6f1b0c |
struct stat sbuf;
|
|
|
6f1b0c |
+ int depth = 0;
|
|
|
6f1b0c |
|
|
|
6f1b0c |
tmp_buff = malloc(sizeof(char) * strlen((const char *)filename));
|
|
|
6f1b0c |
|
|
|
6f1b0c |
@@ -1756,7 +1757,14 @@ int extract_jar(int fd, char **files, in
|
|
|
6f1b0c |
#ifdef DEBUG
|
|
|
6f1b0c |
printf("checking the existance of %s\n", tmp_buff);
|
|
|
6f1b0c |
#endif
|
|
|
6f1b0c |
-
|
|
|
6f1b0c |
+ if(strcmp(tmp_buff, "..") == 0){
|
|
|
6f1b0c |
+ --depth;
|
|
|
6f1b0c |
+ if (depth < 0){
|
|
|
6f1b0c |
+ fprintf(stderr, "Traversal to parent directories during unpacking!\n");
|
|
|
6f1b0c |
+ exit(1);
|
|
|
6f1b0c |
+ }
|
|
|
6f1b0c |
+ } else if (strcmp(tmp_buff, ".") != 0)
|
|
|
6f1b0c |
+ ++depth;
|
|
|
6f1b0c |
if(stat(tmp_buff, &sbuf) < 0){
|
|
|
6f1b0c |
if(errno != ENOENT){
|
|
|
6f1b0c |
perror("stat");
|