]> git.ipfire.org Git - thirdparty/samba.git/commitdiff
projects / thirdparty / samba.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d2c8692)
python:tests: Adopt safe_tarfile for extraction_filter raises
authorAndreas Schneider <asn@samba.org>
Tue, 6 Jun 2023 14:06:57 +0000 (16:06 +0200)
committerJule Anger <janger@samba.org>
Mon, 19 Jun 2023 09:36:10 +0000 (09:36 +0000)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15390

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit ebaa00816259cbae5c45ebf0ba5fb260b09e4695)

python/samba/tests/safe_tarfile.py patch | blob | blame | history

diff --git a/python/samba/tests/safe_tarfile.py b/python/samba/tests/safe_tarfile.py
index 40aa9e17d4a416998c7c6152f54166615026d1ff..cf9b725afcb48cb06e0db024eb093b972e1b0f2d 100644 (file)
--- a/python/samba/tests/safe_tarfile.py
+++ b/python/samba/tests/safe_tarfile.py
@@ -43,9 +43,16 @@ class SafeTarFileTestCase(TestCaseInTempDir):
 
         stf = safe_tarfile.open(tarname)
 
-        self.assertRaises(tarfile.ExtractError,
-                          stf.extractall,
-                          tarname)
+        # We we have data_filter, we have a patched python to address
+        # CVE-2007-4559.
+        if hasattr(tarfile, "data_filter"):
+            self.assertRaises(tarfile.OutsideDestinationError,
+                              stf.extractall,
+                              tarname)
+        else:
+            self.assertRaises(tarfile.ExtractError,
+                              stf.extractall,
+                              tarname)
         self.rm_files('x', 'tar.tar')
 
     def test_slash(self):
@@ -60,8 +67,16 @@ class SafeTarFileTestCase(TestCaseInTempDir):
         tf.close()
 
         stf = safe_tarfile.open(tarname)
-        self.assertRaises(tarfile.ExtractError,
-                          stf.extractall,
-                          tarname)
+
+        # We we have data_filter, we have a patched python to address
+        # CVE-2007-4559.
+        if hasattr(tarfile, "data_filter"):
+            self.assertRaises(NotADirectoryError,
+                              stf.extractall,
+                              tarname)
+        else:
+            self.assertRaises(tarfile.ExtractError,
+                              stf.extractall,
+                              tarname)
 
         self.rm_files('x', 'tar.tar')
Mirror of https://github.com/samba-team/samba.git