[4.0/4.1] fastjar fix for PR28359

Matthias Klose doko@cs.tu-berlin.de
Fri Aug 4 14:55:00 GMT 2006


Not yet applied to the active release branches. Ok to checkin?

  Matthias

2006-08-04  Matthias Klose  <doko@debian.org>

	PR fastjar/28359 / CVE-2006-3619

	2006-07-17  Richard Guenther  <rguenther@suse.de>
	* jartool.c (extract_jar): Do not allow directory traversal
	to parents of the extraction root.

Index: jartool.c
===================================================================
--- jartool.c	(revision 115922)
+++ jartool.c	(working copy)
@@ -1736,6 +1736,7 @@
       const ub1 *start = filename;
       char *tmp_buff;
       struct stat sbuf;
+      int depth = 0;
 
       tmp_buff = malloc(sizeof(char) * strlen((const char *)filename));
 
@@ -1756,7 +1757,14 @@
 #ifdef DEBUG    
         printf("checking the existance of %s\n", tmp_buff);
 #endif
-
+	if(strcmp(tmp_buff, "..") == 0){
+	  --depth;
+	  if (depth < 0){
+	    fprintf(stderr, "Traversal to parent directories during unpacking!\n");
+	    exit(1);
+	  }
+	} else if (strcmp(tmp_buff, ".") != 0)
+	  ++depth;
         if(stat(tmp_buff, &sbuf) < 0){
           if(errno != ENOENT){
             perror("stat");



More information about the Gcc-patches mailing list