diff options
Diffstat (limited to 'meta/recipes-devtools/elfutils/elfutils-0.161/0001-libelf-Fix-dir-traversal-vuln-in-ar-extraction.patch')
-rw-r--r-- | meta/recipes-devtools/elfutils/elfutils-0.161/0001-libelf-Fix-dir-traversal-vuln-in-ar-extraction.patch | 59 |
1 files changed, 0 insertions, 59 deletions
diff --git a/meta/recipes-devtools/elfutils/elfutils-0.161/0001-libelf-Fix-dir-traversal-vuln-in-ar-extraction.patch b/meta/recipes-devtools/elfutils/elfutils-0.161/0001-libelf-Fix-dir-traversal-vuln-in-ar-extraction.patch deleted file mode 100644 index 7e4e492c1e..0000000000 --- a/meta/recipes-devtools/elfutils/elfutils-0.161/0001-libelf-Fix-dir-traversal-vuln-in-ar-extraction.patch +++ /dev/null @@ -1,59 +0,0 @@ -From 147018e729e7c22eeabf15b82d26e4bf68a0d18e Mon Sep 17 00:00:00 2001 -From: Alexander Cherepanov <cherepan@mccme.ru> -Date: Sun, 28 Dec 2014 19:57:19 +0300 -Subject: [PATCH] libelf: Fix dir traversal vuln in ar extraction. - -Upstream-Status: Backport - -read_long_names terminates names at the first '/' found but then skips -one character without checking (it's supposed to be '\n'). Hence the -next name could start with any character including '/'. This leads to -a directory traversal vulnerability at the time the contents of the -archive is extracted. - -The danger is mitigated by the fact that only one '/' is possible in a -resulting filename and only in the leading position. Hence only files -in the root directory can be written via this vuln and only when ar is -executed as root. - -The fix for the vuln is to not skip any characters while looking -for '/'. - -Signed-off-by: Alexander Cherepanov <cherepan@mccme.ru> ---- - libelf/ChangeLog | 5 +++++ - libelf/elf_begin.c | 5 +---- - 2 files changed, 6 insertions(+), 4 deletions(-) - -diff --git a/libelf/ChangeLog b/libelf/ChangeLog -index 3b88d03..447c354 100644 ---- a/libelf/ChangeLog -+++ b/libelf/ChangeLog -@@ -1,3 +1,8 @@ -+2014-12-28 Alexander Cherepanov <cherepan@mccme.ru> -+ -+ * elf_begin.c (read_long_names): Don't miss '/' right after -+ another '/'. Fixes a dir traversal vuln in ar extraction. -+ - 2014-12-18 Ulrich Drepper <drepper@gmail.com> - - * Makefile.am: Suppress output of textrel_check command. -diff --git a/libelf/elf_begin.c b/libelf/elf_begin.c -index 30abe0b..cd3756c 100644 ---- a/libelf/elf_begin.c -+++ b/libelf/elf_begin.c -@@ -749,10 +749,7 @@ read_long_names (Elf *elf) - } - - /* NUL-terminate the string. */ -- *runp = '\0'; -- -- /* Skip the NUL byte and the \012. */ -- runp += 2; -+ *runp++ = '\0'; - - /* A sanity check. Somebody might have generated invalid - archive. */ --- -1.9.1 - |