summaryrefslogtreecommitdiff
path: root/test/error1.test
diff options
context:
space:
mode:
authorTimo Teräs <timo.teras@iki.fi>2018-09-05 19:49:22 +0300
committerTimo Teräs <timo.teras@iki.fi>2018-09-10 10:59:39 +0300
commit6484ed9849f03971eb48ee1fdc21a2f128247eb1 (patch)
treeed0ecf3a027f0497596355ae7895112c5cb99a4a /test/error1.test
parentb11f9aa9286320a73a02cd14bfff5974e05a430b (diff)
downloadapk-tools-6484ed9849f03971eb48ee1fdc21a2f128247eb1.tar.gz
apk-tools-6484ed9849f03971eb48ee1fdc21a2f128247eb1.tar.bz2
apk-tools-6484ed9849f03971eb48ee1fdc21a2f128247eb1.tar.xz
apk-tools-6484ed9849f03971eb48ee1fdc21a2f128247eb1.zip
rework unpacking of packages and harden package file format requirements
A crafted .apk file could to trick apk writing unverified data to an unexpected file during temporary file creation due to bugs in handling long link target name and the way a regular file is extracted. Several hardening steps are implemented to avoid this: - the temporary file is now always first unlinked (apk thus reserved all filenames .apk.* to be it's working files) - the temporary file is after that created with O_EXCL to avoid races - the temporary file is no longer directly the archive entry name and thus directly controlled by potentially untrusted data - long file names and link target names are now rejected - hard link targets are now more rigorously checked - various additional checks added for the extraction process to error out early in case of malformed (or old legacy) file Reported-by: Max Justicz <max@justi.cz>
Diffstat (limited to 'test/error1.test')
0 files changed, 0 insertions, 0 deletions