author | Timo Teräs <timo.teras@iki.fi> | 2015-04-24 09:54:54 +0300 |
---|---|---|
committer | Timo Teräs <timo.teras@iki.fi> | 2015-04-24 09:54:54 +0300 |
commit | 997aa99e3df068656aeca006c032538f98ea1c66 (patch) | |
tree | 7f925d2f4ce84ce693bd9743a83290591c57fcd1 | |
parent | c4960a1a7d5c376c24cf59b7109526226770e1b5 (diff) | |
do not extract files with malicious name
the security implications are not as high as with a regular
tar/unzip archiver. this is because you are anyway trusting
the package to install files anywhere in the filesystem.
this serves rather as a sanity check against errors in the created
package.
-rw-r--r-- | src/database.c | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/src/database.c b/src/database.c
index 0f0496b..c814957 100644
--- a/src/database.c
+++ b/src/database.c
@@ -2258,8 +2258,21 @@ static int apk_db_install_archive_entry(void *_ctx,
 if (r <= 0)
 return r;
 
- /* Package metainfo and script processing */
 r = 0;
+
+ /* Sanity check the file name */
+ if (ae->name[0] == '/' ||
+ strncmp(ae->name, "/./"+1, 3) == 0 ||
+ strncmp(ae->name, "/../"+1, 3) == 0 ||
+ strstr(ae->name, "/./") ||
+ strstr(ae->name, "/../")) {
+ apk_warning(PKG_VER_FMT": ignoring malicious file %s",
+ PKG_VER_PRINTF(pkg), ae->name);
+ ipkg->broken_files = 1;
+ return 0;
+ }
+
+ /* Package metainfo and script processing */
 if (ae->name[0] == '.') {
 /* APK 2.0 format */
 if (strcmp(ae->name, ".PKGINFO") == 0) { |
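Review bot: The `./` prefix test in the new sanity check, `strncmp(ae->name, "/./"+1, 3)`, compares three bytes against a two-character literal, so the terminating NUL takes part in the comparison and only a name that is exactly `./` matches; a name such as `./foo` passes. A final `..` component is missed as well, because both `..` tests require a trailing slash, so a bare `..` or `dir/..` is accepted. Checking the name one path component at a time would cover both cases and drop the `"/./"+1` pointer idiom; a sketch follows, where the helper name is only a suggestion. The body of apk_db_install_archive_entry starts and ends outside the hunk, so whether later code normalises the name cannot be seen from here.

```c
/* Return 1 for an absolute name or a name with a "." or ".." component. */
static int apk_db_name_is_unsafe(const char *name)
{
	const char *p = name;

	if (*p == '/')
		return 1;
	while (*p) {
		size_t n = strcspn(p, "/");

		if ((n == 1 && p[0] == '.') ||
		    (n == 2 && p[0] == '.' && p[1] == '.'))
			return 1;
		p += n;
		if (*p == '/')
			p++;
	}
	return 0;
}

	/* Sanity check the file name */
	if (apk_db_name_is_unsafe(ae->name)) {
		/* … unchanged: apk_warning, broken_files = 1, return 0 … */
```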