db: consider control characters in filename as malicious - apk-tools - Adélie Linux patches for Alpine Package Keeper (apk-tools)

diff options

author	Timo Teräs <timo.teras@iki.fi>	2021-02-04 22:28:23 +0200
committer	Timo Teräs <timo.teras@iki.fi>	2021-02-04 22:30:26 +0200
commit	1a4f2e94ddac3ceb184831105c12fc3b05c0b081 (patch)
tree	34a876e3b8b3451fb9e1b7026d647a67f3fdd989 /doc/apk-cache.8.scd
parent	f6656f9d8e04d8985392416e77aead850951ab7b (diff)
download	apk-tools-1a4f2e94ddac3ceb184831105c12fc3b05c0b081.tar.gz apk-tools-1a4f2e94ddac3ceb184831105c12fc3b05c0b081.tar.bz2 apk-tools-1a4f2e94ddac3ceb184831105c12fc3b05c0b081.tar.xz apk-tools-1a4f2e94ddac3ceb184831105c12fc3b05c0b081.zip

db: consider control characters in filename as malicious

Especially a newline can produce havoc in the database file as the filename is written there as-is. This hardenes the extraction to consider any control character as malicious. Additional hardening is added to database loading to better detect corrupt state and return proper error code about it. Reported-by: Luca Weiss <luca@z3ntu.xyz>

Diffstat (limited to 'doc/apk-cache.8.scd')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: