File fastjar-0.98-directory-traversal.patch of Package fastjar
Index: fastjar-0.98/jartool.c
===================================================================
--- fastjar-0.98.orig/jartool.c 2010-05-19 14:54:57.367665309 +0200
+++ fastjar-0.98/jartool.c 2010-05-19 14:54:57.381665355 +0200
@@ -1731,8 +1731,18 @@
 struct stat sbuf;
 int depth = 0;
+ if(strncmp((const char *)filename, "/", 1) == 0){
+ fprintf(stderr, "Absolute path names are not allowed.\n");
+ exit(EXIT_FAILURE);
+ }
+
 tmp_buff = malloc(sizeof(char) * strlen((const char *)filename));
+ if(tmp_buff == NULL) {
+ fprintf(stderr, "Out of memory.\n");
+ exit(EXIT_FAILURE);
+ }
+
 for(;;){
 const ub1 *idx = (const unsigned char *)strchr((const char *)start, '/');
@@ -1750,14 +1760,17 @@
 #ifdef DEBUG
 printf("checking the existance of %s\n", tmp_buff);
 #endif
- if(strcmp(tmp_buff, "..") == 0){
- --depth;
- if (depth < 0){
- fprintf(stderr, "Traversal to parent directories during unpacking!\n");
- exit(EXIT_FAILURE);
- }
- } else if (strcmp(tmp_buff, ".") != 0)
- ++depth;
+ if(strcmp(tmp_buff, "..") == 0 || (strlen(tmp_buff) > 2 && strncmp(tmp_buff + strlen(tmp_buff) - 3, "/..", 3) == 0)){
+ --depth;
+ if (depth < 0){
+ fprintf(stderr, "Traversal to parent directories during unpacking!\n");
+ exit(EXIT_FAILURE);
+ }
+ } else if (strcmp(tmp_buff, ".") == 0 || (strlen(tmp_buff) > 1 && strncmp(tmp_buff + strlen(tmp_buff) - 2, "/.", 2) == 0)){
+ /* Do nothing, the current directory is "." */
+ } else
+ ++depth;
+
 if(stat(tmp_buff, &sbuf) < 0){
 if(errno != ENOENT)
 exit_on_error("stat");
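Review bot: The new `if(tmp_buff == NULL)` check in the `@@ -1731,8 +1731,18 @@` hunk guards an allocation of exactly `strlen(filename)` bytes, so an empty entry name requests `malloc(0)`, which may legitimately return NULL and is then reported as "Out of memory." with a fatal exit. The same size leaves no byte for a terminator; the code that fills tmp_buff is outside the hunk, so whether that matters cannot be confirmed here, but `tmp_buff = malloc(strlen((const char *)filename) + 1);` removes both concerns. The absolute-path test reads more directly as `if(filename[0] == '/'){`, and a one-line comment above it saying that entry names come from the archive and are untrusted would tell the next maintainer why the check must stay ahead of any filesystem call.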
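Review bot: The depth accounting added in the `@@ -1750,14 +1760,17 @@` hunk is purely lexical, while the `stat(tmp_buff, &sbuf)` that follows it resolves symbolic links, so a path component that already exists as a symlink is counted as one level deeper no matter where it points. Using `if(lstat(tmp_buff, &sbuf) < 0){` and refusing the entry when `S_ISLNK(sbuf.st_mode)` holds would keep the counter consistent with the real directory tree; the rest of the loop is outside the hunk, so an existing mode check there cannot be ruled out. The two new conditions also call `strlen(tmp_buff)` three times each and are hard to audit at a glance; a local `size_t len = strlen(tmp_buff);` computed once before the `if` would make the suffix comparisons against "/.." and "/." easier to verify. A short comment stating that tmp_buff holds the cumulative prefix up to the current '/' (which is why the suffix is tested rather than the whole string) would document the assumption the check relies on.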