Author: mm
Date: Sat May 21 09:24:02 2016
New Revision: 300362
URL: https://svnweb.freebsd.org/changeset/base/300362

Log:
  Backport security fix for integer signedness error in libarchive.
  This is a direct commit to stable/9.
  
  Upstream git commit:  22531545514043e04633e1c015c7540b9de9dbe4
  
  Security:     CVE-2013-0211

Modified:
  stable/9/contrib/libarchive/libarchive/archive_write_disk.c

Modified: stable/9/contrib/libarchive/libarchive/archive_write_disk.c
==============================================================================
--- stable/9/contrib/libarchive/libarchive/archive_write_disk.c Sat May 21 
09:03:45 2016        (r300361)
+++ stable/9/contrib/libarchive/libarchive/archive_write_disk.c Sat May 21 
09:24:02 2016        (r300362)
@@ -1649,8 +1649,9 @@ cleanup_pathname_win(struct archive_writ
 /*
  * Canonicalize the pathname.  In particular, this strips duplicate
  * '/' characters, '.' elements, and trailing '/'.  It also raises an
- * error for an empty path, a trailing '..' or (if _SECURE_NODOTDOT is
- * set) any '..' in the path.
+ * error for an empty path, a trailing '..', (if _SECURE_NODOTDOT is
+ * set) any '..' in the path or (if ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS
+ * is set) if the path is absolute.
  */
 static int
 cleanup_pathname(struct archive_write_disk *a)
@@ -1670,8 +1671,15 @@ cleanup_pathname(struct archive_write_di
                return (ARCHIVE_FAILED);
 #endif
        /* Skip leading '/'. */
-       if (*src == '/')
+       if (*src == '/') {
+               if (a->flags & ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS) {
+                       archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
+                                         "Path is absolute");
+                       return (ARCHIVE_FAILED);
+               }
+
                separator = *src++;
+       }
 
        /* Scan the pathname one element at a time. */
        for (;;) {
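Review bot: The `/* Skip leading '/'. */` comment directly above the new block is now stale, because with ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS set the block rejects the path instead of skipping anything; change it to `/* Reject an absolute path if _SECURE_NOABSOLUTEPATHS is set, else skip the leading '/'. */`. The ordering itself looks right: the flag test precedes `separator = *src++`, so a rejected path is never silently relativized, which is the whole point of the option. Separately, the commit log above says "integer signedness error" while this hunk only adds an absolute-path rejection, so the log text appears to describe a different upstream change and is worth confirming before merge. cleanup_pathname starts in the previous hunk and its body continues past this one.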