summaryrefslogtreecommitdiff
path: root/src/io_archive.c
AgeCommit message (Collapse)AuthorFilesLines
2022-02-24tar: allow for space as numeric field terminatorptrcnull1-1/+1
2021-08-23tar: improve compatibilityTimo Teräs1-20/+30
- check magic field for 'ustar' on read - harden get_octal to report errors on non-octal characters (e.g. GNU base256 encoding), fixes #10757 - fix mtime and size octal fields to not have zero terminator
2021-07-25io_archive: Use SOURCE_DATE_EPOCH for meta files instead of current timekpcyrd1-1/+1
[TT: minor stylistic changes]
2021-04-11io_archive: add bounds limit for uname and gname tar header fieldsTimo Teräs1-2/+3
Modify apk_resolve_[ug]id to take the user/groupname as a blob, so proper length checking is done and honored. ==31584== Conditional jump or move depends on uninitialised value(s) ==31584== at 0x5C8CA5: strlen (strlen.c:17) ==31584== by 0x432575: APK_BLOB_STR (apk_blob.h:79) ==31584== by 0x4350EB: apk_resolve_uid (io.c:1112) ==31584== by 0x43696C: apk_tar_parse (io_archive.c:152) ==31584== by 0x4271BC: apk_pkg_read (package.c:929) ==31584== by 0x402D75: add_main (app_add.c:163) ==31584== by 0x40D5FF: main (apk-static.c:516) Fixes a potential crash (DoS) on a crafted TAR file. CVE-2021-30139. Reported-by: Sören Tempel <soeren+git@soeren-tempel.net> Reviewed-by: Ariadne Conill <ariadne@dereferenced.org>
2020-05-07use SPDX-License-Identifier in source filesTBK1-3/+1
2020-04-28apk: do not manage file ownership as non-root or when asked soFredrik Gustafsson1-13/+16
If apk is run as a non-root user, it's not possible to chown files. Maintainers note: minor wording changes on commit log and man page. Signed-off-by: Fredrik Gustafsson <fredrigu@axis.com>
2020-02-14rename all iostream source to io_*.cTimo Teräs1-0/+444
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2024-11-11 13:42:24 +0000