From: Matthias Klose Date: Sat, 5 Aug 2006 09:43:02 +0000 (+0000) Subject: PR fastjar/28359 / CVE-2006-3619 X-Git-Tag: releases/gcc-4.0.4~468 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=413a676c19e1e658144e7db52b8843de6a63fb90;p=thirdparty%2Fgcc.git PR fastjar/28359 / CVE-2006-3619 2006-07-17 Richard Guenther * jartool.c (extract_jar): Do not allow directory traversal to parents of the extraction root. From-SVN: r115946 --- diff --git a/fastjar/ChangeLog b/fastjar/ChangeLog index 87f6a39d3dde..14b52a0f29ea 100644 --- a/fastjar/ChangeLog +++ b/fastjar/ChangeLog @@ -1,3 +1,11 @@ +2006-08-04 Matthias Klose + + PR fastjar/28359 / CVE-2006-3619 + + 2006-07-17 Richard Guenther + * jartool.c (extract_jar): Do not allow directory traversal + to parents of the extraction root. + 2006-03-09 Release Manager * GCC 4.0.3 released. diff --git a/fastjar/jartool.c b/fastjar/jartool.c index a3b059740cc6..a6f3c615f948 100644 --- a/fastjar/jartool.c +++ b/fastjar/jartool.c @@ -1724,6 +1724,7 @@ int extract_jar(int fd, char **files, int file_num){ const ub1 *start = filename; char *tmp_buff; struct stat sbuf; + int depth = 0; tmp_buff = malloc(sizeof(char) * strlen((const char *)filename)); @@ -1744,7 +1745,14 @@ int extract_jar(int fd, char **files, int file_num){ #ifdef DEBUG printf("checking the existance of %s\n", tmp_buff); #endif - + if(strcmp(tmp_buff, "..") == 0){ + --depth; + if (depth < 0){ + fprintf(stderr, "Traversal to parent directories during unpacking!\n"); + exit(1); + } + } else if (strcmp(tmp_buff, ".") != 0) + ++depth; if(stat(tmp_buff, &sbuf) < 0){ if(errno != ENOENT){ perror("stat");