db: consider control characters in filename as malicious - apk-tools - Adélie Linux patches for Alpine Package Keeper (apk-tools)

diff options

author	Timo Teräs <timo.teras@iki.fi>	2021-02-04 22:28:23 +0200
committer	Timo Teräs <timo.teras@iki.fi>	2021-02-07 15:31:41 +0200
commit	c1594f60770483625891541375a074fe07338401 (patch)
tree	a3c5560574f370a67e00034a6b750ee0766341d4 /README.md
parent	77adfc5e67c7a8489705d497bf11568b6c7f3b31 (diff)
download	apk-tools-c1594f60770483625891541375a074fe07338401.tar.gz apk-tools-c1594f60770483625891541375a074fe07338401.tar.bz2 apk-tools-c1594f60770483625891541375a074fe07338401.tar.xz apk-tools-c1594f60770483625891541375a074fe07338401.zip

db: consider control characters in filename as malicious

Especially a newline can produce havoc in the database file as the filename is written there as-is. This hardenes the extraction to consider any control character as malicious. Additional hardening is added to database loading to better detect corrupt state and return proper error code about it. Reported-by: Luca Weiss <luca@z3ntu.xyz>

Diffstat (limited to 'README.md')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: