author Timo Teräs <timo.teras@iki.fi> 2018-09-05 19:49:22 +0300
committer Timo Teräs <timo.teras@iki.fi> 2018-09-10 11:17:43 +0300
commit 7960a80caa1648c09cd9f86086b3817bc8cbec8e (patch)
tree 24167bbd766f2cd7bf3f3797147645a0a6d01ede /src/apk-test.c
parent 7c90fd0529c0358dd04cab0fce506e8a8b191506 (diff)
rework unpacking of packages and harden package file format requirements

A crafted .apk file could trick apk into writing unverified data to an unexpected file during temporary file creation due to bugs in handling long link target names and the way a regular file is extracted.

Several hardening steps are implemented to avoid this:
- the temporary file is now always first unlinked (apk thus reserved all filenames .apk.* to be its working files)
- the temporary file is after that created with O_EXCL to avoid races
- the temporary file is no longer directly the archive entry name and thus directly controlled by potentially untrusted data
- long file names and link target names are now rejected
- hard link targets are now more rigorously checked
- various additional checks added for the extraction process to error out early in case of a malformed (or old legacy) file

Reported-by: Max Justicz <max@justi.cz>
(cherry picked from commit 6484ed9849f03971eb48ee1fdc21a2f128247eb1)

Diffstat (limited to 'src/apk-test.c')
0 files changed, 0 insertions, 0 deletions
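
The first four hardening steps from the commit message, sketched as an added example; this is not apk-tools code. The function names, the `MAX_ENTRY_NAME` limit and the FNV-1a naming scheme are assumptions made for illustration, and the scenario in `demo_planted_symlink` is constructed.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define MAX_ENTRY_NAME 255 /* assumed limit, not apk's actual value */

/* Temp name is ".apk." + a hash of the entry name, so archive data never
 * picks the path itself (FNV-1a is a stand-in chosen for this example). */
static void tmp_name(const char *entry, char *out, size_t n)
{
    unsigned long long h = 1469598103934665603ULL;
    for (; *entry; entry++) h = (h ^ (unsigned char)*entry) * 1099511628211ULL;
    snprintf(out, n, ".apk.%016llx", h);
}

/* Returns an fd for a fresh temp file inside dirfd, or -1 with errno set. */
int open_tmp_for_entry(int dirfd, const char *entry, char *tmp, size_t n)
{
    if (strlen(entry) > MAX_ENTRY_NAME) { errno = ENAMETOOLONG; return -1; }
    tmp_name(entry, tmp, n);
    /* Clear whatever sits at the reserved name: stale file or planted link. */
    if (unlinkat(dirfd, tmp, 0) < 0 && errno != ENOENT) return -1;
    /* O_EXCL makes the open fail if anything reappeared after the unlink. */
    return openat(dirfd, tmp, O_WRONLY | O_CREAT | O_EXCL | O_CLOEXEC, 0600);
}

/* Constructed scenario: symlink planted at the temp name; 0 = victim untouched. */
int demo_planted_symlink(void)
{
    char dir[] = "/tmp/apkdemoXXXXXX", tmp[32];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    int dfd = open(dir, O_RDONLY | O_DIRECTORY);
    close(openat(dfd, "victim", O_WRONLY | O_CREAT, 0600));
    tmp_name("usr/bin/tool", tmp, sizeof tmp);
    if (symlinkat("victim", dfd, tmp) < 0) return -1;
    int fd = open_tmp_for_entry(dfd, "usr/bin/tool", tmp, sizeof tmp);
    if (fd < 0 || write(fd, "data", 4) != 4) return -1;
    int rc = (fstatat(dfd, "victim", &st, 0) == 0 && st.st_size == 0) ? 0 : 1;
    close(fd); unlinkat(dfd, tmp, 0); unlinkat(dfd, "victim", 0);
    close(dfd); rmdir(dir);
    return rc;
}

int main(void) { return demo_planted_symlink(); }
```

Without the `unlinkat` call the `O_EXCL` open would fail with `EEXIST` on the planted link; without `O_EXCL` the write would follow the link into `victim`.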