| #
283234 |
|
21-May-2015 |
emaste |
MFC r276774: ar: Avoid null pointer deref while reading corrupt archives
ELF Tool Chain ticket #467
Reported by: Alexander Cherepanov <cherepan@mccme.ru>
Sponsored by: The FreeBSD Foundation
|
| #
281936 |
|
24-Apr-2015 |
emaste |
MFC r281311: ar: Disallow directory traversal
Set ARCHIVE_EXTRACT_SECURE_SYMLINKS and ARCHIVE_EXTRACT_SECURE_NODOTDOT
as in bsdtar to prevent extraction of archive entries whose pathnames
contain .. or whose target directory would be altered by a symlink.
Also disallow absolute pathnames.
We don't currently provide an option to disable this behaviour (as
bsdtar's -P does). It is unlikely to be a problem in practice for ar(1),
but the -P option is not currently used and available if we want to
consider it for this purpose.
Obtained from: ELF tool chain ar, Ticket #474
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
|
| #
283234 |
|
21-May-2015 |
emaste |
MFC r276774: ar: Avoid null pointer deref while reading corrupt archives
ELF Tool Chain ticket #467
Reported by: Alexander Cherepanov <cherepan@mccme.ru>
Sponsored by: The FreeBSD Foundation
|
| #
281936 |
|
24-Apr-2015 |
emaste |
MFC r281311: ar: Disallow directory traversal
Set ARCHIVE_EXTRACT_SECURE_SYMLINKS and ARCHIVE_EXTRACT_SECURE_NODOTDOT
as in bsdtar to prevent extraction of archive entries whose pathnames
contain .. or whose target directory would be altered by a symlink.
Also disallow absolute pathnames.
We don't currently provide an option to disable this behaviour (as
bsdtar's -P does). It is unlikely to be a problem in practice for ar(1),
but the -P option is not currently used and available if we want to
consider it for this purpose.
Obtained from: ELF tool chain ar, Ticket #474
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
|