summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTimo Teräs <timo.teras@iki.fi>2015-04-24 09:54:54 +0300
committerTimo Teräs <timo.teras@iki.fi>2015-04-24 09:54:54 +0300
commit997aa99e3df068656aeca006c032538f98ea1c66 (patch)
tree7f925d2f4ce84ce693bd9743a83290591c57fcd1
parentc4960a1a7d5c376c24cf59b7109526226770e1b5 (diff)
downloadapk-tools-997aa99e3df068656aeca006c032538f98ea1c66.tar.gz
apk-tools-997aa99e3df068656aeca006c032538f98ea1c66.tar.bz2
apk-tools-997aa99e3df068656aeca006c032538f98ea1c66.tar.xz
apk-tools-997aa99e3df068656aeca006c032538f98ea1c66.zip
do not extract files with malicious name
the security implications are not as high as compared to regular tar/unzip archiver. this is because you are anyway trusting the package to install files anywhere in the filesystem. this serves rather as a sanity to check against errors in created package.
-rw-r--r--src/database.c15
1 files changed, 14 insertions, 1 deletions
diff --git a/src/database.c b/src/database.c
index 0f0496b..c814957 100644
--- a/src/database.c
+++ b/src/database.c
@@ -2258,8 +2258,21 @@ static int apk_db_install_archive_entry(void *_ctx,
if (r <= 0)
return r;
- /* Package metainfo and script processing */
r = 0;
+
+ /* Sanity check the file name */
+ if (ae->name[0] == '/' ||
+ strncmp(ae->name, "/./"+1, 3) == 0 ||
+ strncmp(ae->name, "/../"+1, 3) == 0 ||
+ strstr(ae->name, "/./") ||
+ strstr(ae->name, "/../")) {
+ apk_warning(PKG_VER_FMT": ignoring malicious file %s",
+ PKG_VER_PRINTF(pkg), ae->name);
+ ipkg->broken_files = 1;
+ return 0;
+ }
+
+ /* Package metainfo and script processing */
if (ae->name[0] == '.') {
/* APK 2.0 format */
if (strcmp(ae->name, ".PKGINFO") == 0) {