authorSergey Poznyakoff <gray@gnu.org>2019-11-03 17:31:37 +0200
committerSergey Poznyakoff <gray@gnu.org>2019-11-03 17:40:03 +0200
commit45b0ee2b407913c533f7ded8d6f8cbeec16ff6ca (patch)
tree7f0251e6df12aadae7c6779bc7cacf2da8254bac
parent3177d660a4c62a6acb538b0f7c54ba423698889a (diff)
downloadcpio-45b0ee2b407913c533f7ded8d6f8cbeec16ff6ca.tar.gz
cpio-45b0ee2b407913c533f7ded8d6f8cbeec16ff6ca.tar.bz2
Fix CVE-2015-1197
* src/copyin.c (copyin_link): Force safer name suffix for symbolic links. * tests/CVE-2015-1197.at: New file. * tests/Makefile.am: Add new test case. * tests/testsuite.at: Likewise.
-rw-r--r--src/copyin.c5
-rw-r--r--tests/CVE-2015-1197.at43
-rw-r--r--tests/Makefile.am3
-rw-r--r--tests/testsuite.at2
4 files changed, 50 insertions, 3 deletions
diff --git a/src/copyin.c b/src/copyin.c
index 63541eb..7cdfda3 100644
--- a/src/copyin.c
+++ b/src/copyin.c
@@ -645,13 +645,14 @@ copyin_link (struct cpio_file_stat *file_hdr, int in_file_des)
link_name = xstrdup (file_hdr->c_tar_linkname);
}
+ cpio_safer_name_suffix (link_name, true, !no_abs_paths_flag, false);
+
res = UMASKED_SYMLINK (link_name, file_hdr->c_name,
file_hdr->c_mode);
if (res < 0 && create_dir_flag)
{
create_all_directories (file_hdr->c_name);
- res = UMASKED_SYMLINK (link_name, file_hdr->c_name,
- file_hdr->c_mode);
+ res = UMASKED_SYMLINK (link_name, file_hdr->c_name, file_hdr->c_mode);
}
if (res < 0)
{
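Review bot: The added `cpio_safer_name_suffix (link_name, true, !no_abs_paths_flag, false);` call rewrites the stored symlink target without a comment saying why, and its third argument appears to make the sanitising effective only when `--no-absolute-filenames` is given, so a default extraction would still create the link with its original absolute target. I would put a comment above the call, for example `/* CVE-2015-1197: sanitise the link target so later members cannot be written through the link to a place outside the extraction directory; only effective with --no-absolute-filenames. */`. Passing `true` as the second argument also makes the warning speak of "hard link targets" (visible in the new test's expected stderr) although a symbolic link is being processed, which may mislead someone reading the extraction log. copyin_link starts and ends outside the hunk.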
diff --git a/tests/CVE-2015-1197.at b/tests/CVE-2015-1197.at
new file mode 100644
index 0000000..6079af7
--- /dev/null
+++ b/tests/CVE-2015-1197.at
@@ -0,0 +1,43 @@
+# Process this file with autom4te to create testsuite. -*- Autotest -*-
+# Copyright (C) 2009-2019 Free Software Foundation, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+AT_SETUP([CVE-2015-1197 (--no-absolute-filenames for symlinks)])
+AT_CHECK([
+tempdir=$(pwd)/tmp
+mkdir $tempdir
+touch $tempdir/file
+ln -s $tempdir dir
+AT_DATA([filelist],
+[dir
+dir/file
+])
+ln -s /tmp dir
+touch /tmp/file
+cpio -o < filelist > test.cpio
+rm dir /tmp/file
+cpio --no-absolute-filenames -iv < test.cpio
+],
+[2],
+[],
+[1 block
+cpio: Removing leading `/' from hard link targets
+dir
+cpio: dir/file: Cannot open: No such file or directory
+dir/file
+1 block
+])
+AT_CLEANUP
+
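Review bot: The test script writes to and deletes from the host's real `/tmp` (`touch /tmp/file`, `rm dir /tmp/file`), so running the suite can remove an unrelated `/tmp/file` and can collide with a parallel run. Those lines also look unnecessary: `dir` already exists as a link to `$tempdir` when `ln -s /tmp dir` runs, so that command appears to create `tmp/tmp` inside the test directory rather than repoint `dir`, and the archive only ever lists `dir` and `dir/file`. I would drop `ln -s /tmp dir` and `touch /tmp/file` and change the removal to `rm dir`, which keeps the whole test inside the Autotest working directory; the expected output should be re-checked after that change. Quoting `"$tempdir"` would also protect against a build path containing spaces.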
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 65acb46..5b8e9ed 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -56,7 +56,8 @@ TESTSUITE_AT = \
symlink-long.at\
symlink-to-stdout.at\
version.at\
- big-block-size.at
+ big-block-size.at\
+ CVE-2015-1197.at
TESTSUITE = $(srcdir)/testsuite
diff --git a/tests/testsuite.at b/tests/testsuite.at
index 644ada0..10cb8b9 100644
--- a/tests/testsuite.at
+++ b/tests/testsuite.at
@@ -43,3 +43,5 @@ m4_include([setstat03.at])
m4_include([setstat04.at])
m4_include([setstat05.at])
m4_include([big-block-size.at])
+
+m4_include([CVE-2015-1197.at])
