CVS commit: src

Taylor R Campbell Sun, 04 Aug 2024 23:04:00 -0700

Module Name:    src
Committed By:   riastradh
Date:           Mon Aug  5 06:03:54 UTC 2024


Modified Files:
        src/bin/pax: pax.c
        src/tests/bin/pax: t_pax.sh

Log Message:
pax(1): Only require getcwd if we're reading without --insecure.

No other paths use the result of getcwd.

PR bin/44498: tar(1) unnecessarily demands that getcwd() work


To generate a diff of this commit:
cvs rdiff -u -r1.50 -r1.51 src/bin/pax/pax.c
cvs rdiff -u -r1.6 -r1.7 src/tests/bin/pax/t_pax.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/bin/pax/pax.c
diff -u src/bin/pax/pax.c:1.50 src/bin/pax/pax.c:1.51
--- src/bin/pax/pax.c:1.50	Mon Aug  5 04:05:51 2024
+++ src/bin/pax/pax.c	Mon Aug  5 06:03:54 2024
@@ -1,4 +1,4 @@
-/*	$NetBSD: pax.c,v 1.50 2024/08/05 04:05:51 riastradh Exp $	*/
+/*	$NetBSD: pax.c,v 1.51 2024/08/05 06:03:54 riastradh Exp $	*/
 
 /*-
  * Copyright (c) 1992 Keith Muller.
@@ -44,7 +44,7 @@ __COPYRIGHT("@(#) Copyright (c) 1992, 19
 #if 0
 static char sccsid[] = "@(#)pax.c	8.2 (Berkeley) 4/18/94";
 #else
-__RCSID("$NetBSD: pax.c,v 1.50 2024/08/05 04:05:51 riastradh Exp $");
+__RCSID("$NetBSD: pax.c,v 1.51 2024/08/05 06:03:54 riastradh Exp $");
 #endif
 #endif /* not lint */
 
@@ -262,6 +262,9 @@ main(int argc, char **argv)
 	/*
 	 * For any actions other than LIST, keep a reference to cwd, so
 	 * we can always come back home.
+	 *
+	 * For EXTRACT (pax -r) without --insecure, also save the path
+	 * to cwd to check for escape attempts.
 	 */
 	if (act != LIST) {
 		cwdfd = open(".", O_RDONLY);
@@ -270,8 +273,10 @@ main(int argc, char **argv)
 			    "Can't open current working directory.");
 			return exit_val;
 		}
-		if (updatepath() == -1)
-			return exit_val;
+		if (act == EXTRACT && secure) {
+			if (updatepath() == -1)
+				return exit_val;
+		}
 	}
 
 	/*

Index: src/tests/bin/pax/t_pax.sh
diff -u src/tests/bin/pax/t_pax.sh:1.6 src/tests/bin/pax/t_pax.sh:1.7
--- src/tests/bin/pax/t_pax.sh:1.6	Mon Aug  5 06:03:33 2024
+++ src/tests/bin/pax/t_pax.sh	Mon Aug  5 06:03:54 2024
@@ -1,4 +1,4 @@
-# $NetBSD: t_pax.sh,v 1.6 2024/08/05 06:03:33 riastradh Exp $
+# $NetBSD: t_pax.sh,v 1.7 2024/08/05 06:03:54 riastradh Exp $
 #
 # Copyright (c) 2007, 2008 The NetBSD Foundation, Inc.
 # All rights reserved.
@@ -86,8 +86,6 @@ pr44498_copy_body()
 	mkdir foo foo/bar foo/bar/baz
 	chmod 111 foo
 	touch foo/bar/quux
-	atf_expect_fail 'PR bin/44498:' \
-	    'tar(1) unnecessarily demands that getcwd() work'
 	atf_check sh -c '{ cd foo/bar && exec pax -rw quux baz/.; }'
 }
 
@@ -104,8 +102,6 @@ pr44498_insecureextract_body()
 	chmod 111 foo
 	touch baz/quux
 	atf_check pax -w -x ustar -f baz.tar baz
-	atf_expect_fail 'PR bin/44498:' \
-	    'tar(1) unnecessarily demands that getcwd() work'
 	atf_check sh -c '{ cd foo/bar && exec pax -r --insecure; } <baz.tar'
 }
 
@@ -136,8 +132,6 @@ pr44498_write_body()
 	mkdir foo foo/bar
 	touch foo/bar/quux
 	chmod 111 foo
-	atf_expect_fail 'PR bin/44498:' \
-	    'tar(1) unnecessarily demands that getcwd() work'
 	atf_check sh -c '{ cd foo/bar && pax -w -x ustar .; } >bar.tar'
 	atf_check -o 'inline:.\n./quux\n' pax -f bar.tar
 }

CVS commit: src

Reply via email to