#
283234 |
|
21-May-2015 |
emaste |
MFC r276774: ar: Avoid null pointer deref while reading corrupt archives
ELF Tool Chain ticket #467
Reported by: Alexander Cherepanov <cherepan@mccme.ru> Sponsored by: The FreeBSD Foundation
|
#
281936 |
|
24-Apr-2015 |
emaste |
MFC r281311: ar: Disallow directory traversal
Set ARCHIVE_EXTRACT_SECURE_SYMLINKS and ARCHIVE_EXTRACT_SECURE_NODOTDOT as in bsdtar to prevent extraction of archive entries whose pathnames contain .. or whose target directory would be altered by a symlink. Also disallow absolute pathnames.
We don't currently provide an option to disable this behaviour (as bsdtar's -P does). It is unlikely to be a problem in practice for ar(1), but the -P option is not currently used and available if we want to consider it for this purpose.
Obtained from: ELF tool chain ar, Ticket #474 Relnotes: Yes Sponsored by: The FreeBSD Foundation
|
#
283234 |
|
21-May-2015 |
emaste |
MFC r276774: ar: Avoid null pointer deref while reading corrupt archives
ELF Tool Chain ticket #467
Reported by: Alexander Cherepanov <cherepan@mccme.ru> Sponsored by: The FreeBSD Foundation
|
#
281936 |
|
24-Apr-2015 |
emaste |
MFC r281311: ar: Disallow directory traversal
Set ARCHIVE_EXTRACT_SECURE_SYMLINKS and ARCHIVE_EXTRACT_SECURE_NODOTDOT as in bsdtar to prevent extraction of archive entries whose pathnames contain .. or whose target directory would be altered by a symlink. Also disallow absolute pathnames.
We don't currently provide an option to disable this behaviour (as bsdtar's -P does). It is unlikely to be a problem in practice for ar(1), but the -P option is not currently used and available if we want to consider it for this purpose.
Obtained from: ELF tool chain ar, Ticket #474 Relnotes: Yes Sponsored by: The FreeBSD Foundation
|