ar: Disallow directory traversal
ClosedPublic
Actions

Authored by emaste on Jan 13 2015, 10:22 PM.

Details

Reviewers

Summary

Set ARCHIVE_EXTRACT_SECURE_SYMLINKS and ARCHIVE_EXTRACT_SECURE_NODOTDOT as in bsdtar to prevent extraction of archive entries whose pathnames contain .. or whose target directory would be altered by a symlink. Also disallow absolute pathnames.

We don't currently provide an option to disable this behaviour (as bsdtar's -P does). It is unlikely to be a problem in practice for ar(1), but the -P option is available if we want to allow it.

Reported by: Alexander Cherepanov <cherepan@mccme.ru>
Elftoolchain ticket: 474

Test Plan

From https://sourceforge.net/p/elftoolchain/tickets/474/

~~~
printf '!<arch>\n%-48s%-10s`\n%-48s%-10s`\n' /tmp/file 0 ../file 0 > test.a
n% ./ar -xv test.a
x - /tmp/file
ar: warning: Absolute path '/tmp/file'
x - ../file
ar: warning: Path contains '..'
~~~

Diff Detail

Lint

Lint Skipped

Unit

Tests Skipped

Event Timeline

emaste updated this revision to Diff 3162.Jan 13 2015, 10:22 PM

emaste retitled this revision from to ar: Disallow directory traversal.

emaste updated this object.

emaste edited the test plan for this revision. (Show Details)

emaste added a subscriber: Unknown Object (MLST).

emaste accepted this revision.Apr 9 2015, 2:35 PM

emaste added a reviewer: emaste.

This revision is now accepted and ready to land.Apr 9 2015, 2:35 PM

Author: emaste
Date: Thu Apr 9 13:45:17 2015
New Revision: 281311
URL: https://svnweb.freebsd.org/changeset/base/281311

Revision Contents
Changeset List

Path

Size

usr.bin/

ar/

read.c

10 lines

Diff 3162

View Options

ar: Disallow directory traversalClosedPublicActions