Package: tar / 1.27.1-2+deb8u1

Description: When extracting, skip ".." members (CVE-2016-6321)
Origin: upstream,  http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d
Bug-Debian: https://bugs.debian.org/842339
Forwarded: not-needed.
Author: Paul Eggert <eggert@Penguin.CS.UCLA.EDU>
Last-Update: 2016-10-30
---
 src/extract.c | 8 ++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)

--- a/src/extract.c
+++ b/src/extract.c
@@ -1584,12 +1584,20 @@ extract_archive (void)
 {
   char typeflag;
   tar_extractor_t fun;
+  bool skip_dotdot_name;
 
   fatal_exit_hook = extract_finish;
 
   set_next_block_after (current_header);
 
+  skip_dotdot_name = (!absolute_names_option
+		      && contains_dot_dot (current_stat_info.orig_file_name));
+  if (skip_dotdot_name)
+    ERROR ((0, 0, _("%s: Member name contains '..'"),
+	    quotearg_colon (current_stat_info.orig_file_name)));
+
   if (!current_stat_info.file_name[0]
+      || skip_dotdot_name
       || (interactive_option
 	  && !confirm ("extract", current_stat_info.file_name)))
     {
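Review bot: The new guard at the `skip_dotdot_name` assignment tests `current_stat_info.orig_file_name`, while the `if` that follows and the `confirm` call operate on `current_stat_info.file_name`, and nothing in the hunk says why the two fields differ, so a reader cannot tell whether checking the unrewritten name is deliberate. A comment above the assignment would settle it, e.g. `/* Test the name as recorded in the archive, not file_name, which may already have had leading components stripped or been transformed and so could no longer show the '..'.  */` — the strip/transform detail is my reading of the two field names and should be confirmed against where file_name is derived. The ERROR is also emitted before the `!current_stat_info.file_name[0]` test, so an empty-named member containing '..' gets the '..' diagnostic rather than whatever that branch reports; probably harmless, but worth a glance. extract_archive's signature is before this hunk and its body continues after it.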