Blame SOURCES/libarchive-3.1.2-CVE-2015-8916-CVE-2015-8917.patch
|
 |
995285 |
From b2e2abbb13ddcd962470cc1adb43b085f6e407a4 Mon Sep 17 00:00:00 2001
|
|
|
995285 |
From: Tim Kientzle <kientzle@acm.org>
|
|
|
995285 |
Date: Fri, 6 Feb 2015 22:45:58 -0800
|
|
|
995285 |
Subject: [PATCH] Issues 396, 397: Ignore entries with empty filenames.
|
|
|
995285 |
|
|
|
995285 |
Bugs in the rar and cab readers lead to returning entries
|
|
|
995285 |
with empty filenames. Make bsdtar resistant to this.
|
|
|
995285 |
|
|
|
995285 |
Of course, we should also fix the rar and cab
|
|
|
995285 |
readers to handle these cases correctly and either
|
|
|
995285 |
return correctly-populated entries or fail cleanly.
|
|
|
995285 |
---
|
|
|
995285 |
tar/read.c | 6 ++++++
|
|
|
995285 |
1 file changed, 6 insertions(+)
|
|
|
995285 |
|
|
|
995285 |
diff --git a/tar/read.c b/tar/read.c
|
|
|
995285 |
index 8267b70..430cff0 100644
|
|
|
995285 |
--- a/tar/read.c
|
|
|
995285 |
+++ b/tar/read.c
|
|
|
995285 |
@@ -264,6 +264,12 @@ read_archive(struct bsdtar *bsdtar, char mode, struct archive *writer)
|
|
|
995285 |
}
|
|
|
995285 |
if (r == ARCHIVE_FATAL)
|
|
|
995285 |
break;
|
|
|
995285 |
+ const char *p = archive_entry_pathname(entry);
|
|
|
995285 |
+ if (p == NULL || p[0] == '\0') {
|
|
|
995285 |
+ lafe_warnc(0, "Archive entry has empty or unreadable filename ... skipping.");
|
|
|
995285 |
+ bsdtar->return_value = 1;
|
|
|
995285 |
+ continue;
|
|
|
995285 |
+ }
|
|
|
995285 |
|
|
|
995285 |
if (bsdtar->uid >= 0) {
|
|
|
995285 |
archive_entry_set_uid(entry, bsdtar->uid);
|
|
|
995285 |
--
|
|
|
995285 |
2.7.4
|
|
|
995285 |
|