Module Name: src Committed By: riastradh Date: Mon Aug 5 06:03:54 UTC 2024
Modified Files: src/bin/pax: pax.c src/tests/bin/pax: t_pax.sh Log Message: pax(1): Only require getcwd if we're reading without --insecure. No other paths use the result of getcwd. PR bin/44498: tar(1) unnecessarily demands that getcwd() work To generate a diff of this commit: cvs rdiff -u -r1.50 -r1.51 src/bin/pax/pax.c cvs rdiff -u -r1.6 -r1.7 src/tests/bin/pax/t_pax.sh Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/bin/pax/pax.c
diff -u src/bin/pax/pax.c:1.50 src/bin/pax/pax.c:1.51
--- src/bin/pax/pax.c:1.50 Mon Aug 5 04:05:51 2024
+++ src/bin/pax/pax.c Mon Aug 5 06:03:54 2024
@@ -1,4 +1,4 @@
-/* $NetBSD: pax.c,v 1.50 2024/08/05 04:05:51 riastradh Exp $ */
+/* $NetBSD: pax.c,v 1.51 2024/08/05 06:03:54 riastradh Exp $ */
 /*-
 * Copyright (c) 1992 Keith Muller.
@@ -44,7 +44,7 @@ __COPYRIGHT("@(#) Copyright (c) 1992, 19
 #if 0
 static char sccsid[] = "@(#)pax.c 8.2 (Berkeley) 4/18/94";
 #else
-__RCSID("$NetBSD: pax.c,v 1.50 2024/08/05 04:05:51 riastradh Exp $");
+__RCSID("$NetBSD: pax.c,v 1.51 2024/08/05 06:03:54 riastradh Exp $");
 #endif
 #endif /* not lint */
@@ -262,6 +262,9 @@ main(int argc, char **argv)
 /*
 * For any actions other than LIST, keep a reference to cwd, so
 * we can always come back home.
+ *
+ * For EXTRACT (pax -r) without --insecure, also save the path
+ * to cwd to check for escape attempts.
 */
 if (act != LIST) {
 cwdfd = open(".", O_RDONLY);
@@ -270,8 +273,10 @@ main(int argc, char **argv)
 "Can't open current working directory.");
 return exit_val;
 }
- if (updatepath() == -1)
- return exit_val;
+ if (act == EXTRACT && secure) {
+ if (updatepath() == -1)
+ return exit_val;
+ }
 }
 /*
Index: src/tests/bin/pax/t_pax.sh
diff -u src/tests/bin/pax/t_pax.sh:1.6 src/tests/bin/pax/t_pax.sh:1.7
--- src/tests/bin/pax/t_pax.sh:1.6 Mon Aug 5 06:03:33 2024
+++ src/tests/bin/pax/t_pax.sh Mon Aug 5 06:03:54 2024
@@ -1,4 +1,4 @@
-# $NetBSD: t_pax.sh,v 1.6 2024/08/05 06:03:33 riastradh Exp $
+# $NetBSD: t_pax.sh,v 1.7 2024/08/05 06:03:54 riastradh Exp $
 #
 # Copyright (c) 2007, 2008 The NetBSD Foundation, Inc.
 # All rights reserved.
@@ -86,8 +86,6 @@ pr44498_copy_body()
 mkdir foo foo/bar foo/bar/baz
 chmod 111 foo
 touch foo/bar/quux
- atf_expect_fail 'PR bin/44498:' \
- 'tar(1) unnecessarily demands that getcwd() work'
 atf_check sh -c '{ cd foo/bar && exec pax -rw quux baz/.; }'
 }
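Review bot: The new guard `if (act == EXTRACT && secure)` in the last pax.c hunk (@@ -270,8 +273,10 @@) makes the saved cwd path valid only for secure extraction, but nothing at this call site ties that condition to the code that reads the path for the escape check, which lies outside the hunk. If that check is ever reached under a different condition, it would compare against a path that was never filled in, so the consumer should fail closed when the path is unset rather than depend on the two conditions staying in sync. I would extend the new comment with a line such as `* Nothing else may read the saved cwd path; the escape check must refuse to run without it.` The test hunks only drop the expected-failure markers for copy, insecure extract and write; a case confirming that `pax -r` without `--insecure` still reports an error when getcwd() fails is not visible here and would pin the security-relevant side of this change. main()'s body starts and ends outside the hunk.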
@@ -104,8 +102,6 @@ pr44498_insecureextract_body()
 chmod 111 foo
 touch baz/quux
 atf_check pax -w -x ustar -f baz.tar baz
- atf_expect_fail 'PR bin/44498:' \
- 'tar(1) unnecessarily demands that getcwd() work'
 atf_check sh -c '{ cd foo/bar && exec pax -r --insecure; } <baz.tar'
 }
@@ -136,8 +132,6 @@ pr44498_write_body()
 mkdir foo foo/bar
 touch foo/bar/quux
 chmod 111 foo
- atf_expect_fail 'PR bin/44498:' \
- 'tar(1) unnecessarily demands that getcwd() work'
 atf_check sh -c '{ cd foo/bar && pax -w -x ustar .; } >bar.tar'
 atf_check -o 'inline:.\n./quux\n' pax -f bar.tar
 }