Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:15-SP4
libarchive
CVE-2021-31566.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2021-31566.patch of Package libarchive
From e2ad1a2c3064fa9eba6274b3641c4c1beed25c0b Mon Sep 17 00:00:00 2001 From: Martin Matuska <martin@matuska.org> Date: Sun, 22 Aug 2021 03:53:28 +0200 Subject: [PATCH] Never follow symlinks when setting file flags on Linux When opening a file descriptor to set file flags on linux, ensure no symbolic links are followed. This fixes the case when an archive contains a directory entry followed by a symlink entry with the same path. The fixup code would modify file flags of the symlink target. --- libarchive/archive_write_disk_posix.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libarchive/archive_write_disk_posix.c b/libarchive/archive_write_disk_posix.c index ba4e65df7..8474617eb 100644 --- a/libarchive/archive_write_disk_posix.c +++ b/libarchive/archive_write_disk_posix.c @@ -3927,7 +3927,8 @@ set_fflags_platform(struct archive_write_disk *a, int fd, const char *name, /* If we weren't given an fd, open it ourselves. */ if (myfd < 0) { - myfd = open(name, O_RDONLY | O_NONBLOCK | O_BINARY | O_CLOEXEC); + myfd = open(name, O_RDONLY | O_NONBLOCK | O_BINARY | + O_CLOEXEC | O_NOFOLLOW); __archive_ensure_cloexec_flag(myfd); } if (myfd < 0)
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor