Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP2:GA
gnome-autoar.18407
gnome-autoar-CVE-2020-36241.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File gnome-autoar-CVE-2020-36241.patch of Package gnome-autoar.18407
diff --unified --recursive --text gnome-autoar-0.2.3.old/gnome-autoar/autoar-extractor.c gnome-autoar-0.2.3.new/gnome-autoar/autoar-extractor.c --- gnome-autoar-0.2.3.old/gnome-autoar/autoar-extractor.c 2021-02-22 14:38:35.656655413 +0800 +++ gnome-autoar-0.2.3.new/gnome-autoar/autoar-extractor.c 2021-02-22 14:47:44.487781173 +0800 @@ -843,32 +843,73 @@ return prefix; } +static gboolean +is_valid_filename (GFile *file, GFile *destination) +{ + g_autoptr (GFile) parent = NULL; + g_autoptr (GFileInfo) info = NULL; + + if (g_file_equal (file, destination)) + return TRUE; + + if (!g_file_has_prefix (file, destination)) + return FALSE; + + /* Resolve symbolic link ancestors to confirm file is actually inside destination. */ + parent = g_file_get_parent (file); + info = g_file_query_info (parent, + G_FILE_ATTRIBUTE_STANDARD_IS_SYMLINK "," + G_FILE_ATTRIBUTE_STANDARD_SYMLINK_TARGET, + G_FILE_QUERY_INFO_NOFOLLOW_SYMLINKS, + NULL, + NULL); + if (info == NULL) + return FALSE; + + if (g_file_info_get_is_symlink (info)) { + g_autoptr (GFile) cwd = NULL; + const gchar *target; + + target = g_file_info_get_symlink_target (info); + if (g_path_is_absolute (target)) + return FALSE; + + cwd = g_file_get_parent (parent); + g_object_unref (parent); + parent = g_file_resolve_relative_path (cwd, target); + } + + /* Climb up the path to resolve every symbolic link ancestor found */ + return is_valid_filename (parent, destination); +} + static GFile* autoar_extractor_do_sanitize_pathname (AutoarExtractor *self, const char *pathname_bytes) { GFile *extracted_filename; gboolean valid_filename; - g_autofree char *sanitized_pathname; + g_autofree char *sanitized_pathname = NULL; g_autofree char *utf8_pathname; utf8_pathname = autoar_common_get_utf8_pathname (pathname_bytes); extracted_filename = g_file_get_child (self->destination_dir, utf8_pathname ? utf8_pathname : pathname_bytes); - valid_filename = - g_file_equal (extracted_filename, self->destination_dir) || - g_file_has_prefix (extracted_filename, self->destination_dir); - + valid_filename = is_valid_filename (extracted_filename, self->destination_dir); if (!valid_filename) { - g_autofree char *basename; - - basename = g_file_get_basename (extracted_filename); + /** + * g_file_peek_path requires GLib 2.56 or higher, so use g_file_get_path + * with g_free here instead. + */ + char *local_path = g_file_get_path (extracted_filename); + g_warning ("autoar_extractor_do_sanitize_pathname: %s is outside of the destination dir", + local_path); + g_free(local_path); g_object_unref (extracted_filename); - extracted_filename = g_file_get_child (self->destination_dir, - basename); + return NULL; } if (self->prefix != NULL && self->new_prefix != NULL) { @@ -1830,10 +1871,18 @@ extracted_filename = autoar_extractor_do_sanitize_pathname (self, pathname); + if (extracted_filename == NULL) { + archive_read_data_skip (a); + continue; + } if (hardlink != NULL) { hardlink_filename = autoar_extractor_do_sanitize_pathname (self, hardlink); + if (hardlink_filename == NULL) { + archive_read_data_skip (a); + continue; + } } /* Attempt to solve any name conflict before doing any operations */
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor