db: consider control characters in filename as malicious - apk-tools - Adélie Linux patches for Alpine Package Keeper (apk-tools)

diff options

author	Timo Teräs <timo.teras@iki.fi>	2021-04-11 14:24:26 +0300
committer	Timo Teräs <timo.teras@iki.fi>	2021-04-11 14:24:26 +0300
commit	7f9757ddc0e2f723c54e954a8dd1e97c8cb0d15c (patch)
tree	7b86f9030eb29113300c2bdc7e6d3df4d6c36cc9 /README
parent	5d32e0e34adde9bb2fe9f739b5c1abddfe17c08d (diff)
download	apk-tools-7f9757ddc0e2f723c54e954a8dd1e97c8cb0d15c.tar.gz apk-tools-7f9757ddc0e2f723c54e954a8dd1e97c8cb0d15c.tar.bz2 apk-tools-7f9757ddc0e2f723c54e954a8dd1e97c8cb0d15c.tar.xz apk-tools-7f9757ddc0e2f723c54e954a8dd1e97c8cb0d15c.zip

db: consider control characters in filename as malicious

Especially a newline can produce havoc in the database file as the filename is written there as-is. This hardenes the extraction to consider any control character as malicious. Additional hardening is added to database loading to better detect corrupt state and return proper error code about it. Reported-by: Luca Weiss <luca@z3ntu.xyz> (backported from commit c1594f60770483625891541375a074fe07338401)

Diffstat (limited to 'README')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: