]> git.ipfire.org Git - thirdparty/tar.git/commit
projects / thirdparty / tar.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: aec5d77) | patch
Use openat2 to jailify the extraction directory
authorPaul Eggert <eggert@cs.ucla.edu>
Thu, 13 Nov 2025 21:44:10 +0000 (13:44 -0800)
committerPaul Eggert <eggert@cs.ucla.edu>
Sat, 15 Nov 2025 23:10:48 +0000 (15:10 -0800)
commit75b03fdff48916bd0654677ed21379bdb0db016d
treea1969b8b7ad71f10c4c6bb080f99e8670765c33etree | snapshot
parentaec5d774379fff1c60bf08209e59ed1f40fb1d43commit | diff
Use openat2 to jailify the extraction directory

This addresses CVE-2025-45582.
* gnulib.modules: Add openat2.
* src/misc.c (open_subdir): New static function.
(fdbase_opendir): Use it.
* src/tar.c (open_searchdir_how): New var, replacing and
augmenting open_searchdir_flags.  All uses changed.
* tests/extrac31.at: New file.
* tests/Makefile (TESTSUITE_AT), tests/testuite.at: Add it.
NEWS diff | blob | blame | history
doc/tar.texi diff | blob | blame | history
gnulib.modules diff | blob | blame | history
src/common.h diff | blob | blame | history
src/create.c diff | blob | blame | history
src/misc.c diff | blob | blame | history
src/tar.c diff | blob | blame | history
tests/Makefile.am diff | blob | blame | history
tests/extrac31.at [new file with mode: 0644] blob
tests/testsuite.at diff | blob | blame | history
Mirror of https://git.savannah.gnu.org/git/tar.git