This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.
[Bug fastjar/28359] fastjar directory traversal problem
- From: "jakub at gcc dot gnu dot org" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: 9 Jun 2010 09:39:11 -0000
- Subject: [Bug fastjar/28359] fastjar directory traversal problem
- References: <bug-28359-3760@http.gcc.gnu.org/bugzilla/>
- Reply-to: gcc-bugzilla at gcc dot gnu dot org
------- Comment #19 from jakub at gcc dot gnu dot org 2010-06-09 09:39 -------
Created an attachment (id=20874)
--> (http://gcc.gnu.org/bugzilla/attachment.cgi?id=20874&action=view)
CVE-2010-0831.patch
Just for the record, the patch that went in leaves fastjar still vulnerable.
The main issue is that tmp_buff isn't the current directory component, but
the current directory component with all previous directory components, so the
.. and . tests will match only for the first component.
https://launchpad.net/bugs/540575
has some patch, but it is very ugly and inefficient.
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=28359
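
The failure mode described in the comment above, as an added example (not code from fastjar or from the attached patch): a check that compares the accumulated path prefix against "." and ".." next to one that tests each component on its own. The function names and the sample entry names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of the flawed check: the buffer holds the whole
   prefix seen so far, so only a leading "." or ".." ever compares equal. */
int flawed_has_dot_component(const char *name)
{
    char prefix[1024];
    size_t n = 0;
    for (const char *p = name; ; p++) {
        if (*p == '/' || *p == '\0') {
            prefix[n] = '\0';
            if (!strcmp(prefix, ".") || !strcmp(prefix, ".."))
                return 1;
            if (*p == '\0')
                return 0;
        }
        if (n + 1 >= sizeof prefix)
            return 1;               /* over-long name: reject */
        prefix[n++] = *p;
    }
}

/* Per-component check: test only the bytes between two separators. */
int has_dot_component(const char *name)
{
    const char *start = name;
    for (const char *p = name; ; p++) {
        if (*p == '/' || *p == '\0') {
            size_t len = (size_t)(p - start);
            if ((len == 1 && start[0] == '.') ||
                (len == 2 && start[0] == '.' && start[1] == '.'))
                return 1;
            if (*p == '\0')
                return 0;
            start = p + 1;
        }
    }
}

int main(void)
{
    /* Constructed archive entry names. */
    const char *names[] = { "../x", "a/../../x", "a/./b", "..data/f", "a/b" };
    for (size_t i = 0; i < sizeof names / sizeof *names; i++)
        printf("%-10s flawed=%d per-component=%d\n", names[i],
               flawed_has_dot_component(names[i]), has_dot_component(names[i]));
    return 0;
}
```

A regression test for an extractor should include entry names where the dot component is not the first one, since those are the cases the prefix comparison lets through.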