author | Jim Meyering <meyering@redhat.com> | 2011-02-01 11:21:15 +0100 |
---|---|---|
committer | Andreas Gruenbacher <agruen@linbit.com> | 2011-02-03 22:00:50 +0100 |
commit | 685a78b6052f4df6eac6d625a545cfb54a6ac0e1 (patch) | |
tree | 71794ea7f8a6076a396b10733288aa384e4d360d | |
parent | 7fae6755f4194423ba52add76f5cbdbffd26fe04 (diff) | |
download | patch-685a78b6052f4df6eac6d625a545cfb54a6ac0e1.tar.gz |
Do not let a malicious patch create files above current directory
This addresses CVE-2010-4651, reported by Jakub Wilk.
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4651
* src/util.c (strip_leading_slashes): Reject absolute file names
and file names containing a component of "..".
* tests/bad-filenames: New file. Test for this.
* tests/Makefile.am (TESTS): Add it.
Improvements by Andreas Gruenbacher.
-rw-r--r-- | ChangeLog | 13 | ||||
-rw-r--r-- | src/pch.c | 2 | ||||
-rw-r--r-- | src/util.c | 13 | ||||
-rw-r--r-- | tests/Makefile.am | 3 | ||||
-rw-r--r-- | tests/bad-filenames | 49 |
5 files changed, 76 insertions, 4 deletions
@@ -1,3 +1,14 @@
+2011-02-01 Jim Meyering <meyering@redhat.com>
+ and Andreas Gruenbacher <agruen@linbit.com>
+
+ Do not let a malicious patch create files above current directory
+ This addresses CVE-2010-4651, reported by Jakub Wilk.
+ https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4651
+ * src/util.c (strip_leading_slashes): Reject absolute file names and
+ file names containing a component of "..".
+ * tests/bad-filenames: New file. Test for this.
+ * tests/Makefile.am (TESTS): Add it.
+
 2010-12-04 Andreas Gruenbacher <agruen@linbit.com>
 * src/util.c (make_tempfile): Create missing directories when
@@ -3594,7 +3605,7 @@ Sun Dec 17 17:29:48 1989 Jim Kingdon (kingdon at hobbes.ai.mit.edu)
 Copyright (C) 1984, 1985, 1986, 1987, 1988 Larry Wall.
 Copyright (C) 1989, 1990, 1991, 1992, 1993, 1997, 1998, 1999, 2000, 2001,
-2002, 2009, 2010 Free Software Foundation, Inc.
+2002, 2009, 2010, 2011 Free Software Foundation, Inc.
 This file is part of GNU Patch.
@@ -3,7 +3,7 @@
 /* Copyright (C) 1986, 1987, 1988 Larry Wall
 Copyright (C) 1990, 1991, 1992, 1993, 1997, 1998, 1999, 2000, 2001,
- 2002, 2003, 2006, 2009, 2010 Free Software Foundation, Inc.
+ 2002, 2003, 2006, 2009, 2010, 2011 Free Software Foundation, Inc.
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -3,7 +3,7 @@
 /* Copyright (C) 1986 Larry Wall
 Copyright (C) 1992, 1993, 1997, 1998, 1999, 2001, 2002, 2003, 2006,
- 2009, 2010 Free Software Foundation, Inc.
+ 2009, 2010, 2011 Free Software Foundation, Inc.
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -1415,6 +1415,17 @@ strip_leading_slashes (char *name, int strip_leading)
 n = p+1;
 }
 }
+ if (IS_ABSOLUTE_FILE_NAME (n))
+ fatal ("rejecting absolute file name: %s", quotearg (n));
+ for (p = n; *p; )
+ {
+ if (*p == '.' && *++p == '.' && ( ! *++p || ISSLASH (*p)))
+ fatal ("rejecting file name with \"..\" component: %s", quotearg (n));
+ while (*p && ! ISSLASH (*p))
+ p++;
+ while (ISSLASH (*p))
+ p++;
+ }
 if ((strip_leading < 0 || s <= 0) && *n)
 {
 memmove (name, n, strlen (n) + 1);
diff --git a/tests/Makefile.am b/tests/Makefile.am
index ffe02af..cca8a87 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -1,5 +1,5 @@
 # Copyright (C) 1989, 1990, 1991, 1992, 1993, 1997, 1998, 1999, 2002,
-# 2003, 2006, 2009, 2010 Free Software Foundation, Inc.
+# 2003, 2006, 2009, 2010, 2011 Free Software Foundation, Inc.
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -19,6 +19,7 @@ TESTS = \
 asymmetric-hunks \
 backup-prefix-suffix \
+ bad-filenames \
 copy-rename \
 corrupt-reject-files \
 create-delete \
diff --git a/tests/bad-filenames b/tests/bad-filenames
new file mode 100644
index 0000000..f53a613
--- /dev/null
+++ b/tests/bad-filenames
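Review bot: The new rejection in strip_leading_slashes is purely lexical — it inspects only the characters of the name and nothing in the hunk resolves the path, so a name whose existing directory component is a symbolic link pointing outside the working tree could still end up written outside it; that residual case deserves a comment so a later reader does not assume this check is sufficient on its own. The `*++p` side effects inside the `if` condition are also easy to misread: on a component that begins with a single `.`, p has already been advanced past it before the inner `while` loops run, which is correct but not obvious. Suggest a comment above the loop: `/* Lexical check only: reject any ".." component. Does not resolve symlinks; each iteration consumes one component plus its trailing slashes. */`. The function strip_leading_slashes starts and ends outside the hunk.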
@@ -0,0 +1,49 @@
+# Copyright (C) 2011 Free Software Foundation, Inc.
+#
+# Copying and distribution of this file, with or without modification,
+# in any medium, are permitted without royalty provided the copyright
+# notice and this notice are preserved.
+
+. $srcdir/test-lib.sh
+
+use_local_patch
+
+# ================================================================
+
+emit_patch()
+{
+cat <<EOF
+--- /dev/null
++++ $1
+@@ -0,0 +1 @@
++x
+EOF
+}
+
+# Ensure that patch rejects an output file name that is absolute
+# or that contains a ".." component.
+
+check 'emit_patch /absolute/path | patch -p0; echo status: $?' <<EOF
+$PATCH: **** rejecting absolute file name: /absolute/path
+status: 2
+EOF
+
+check 'emit_patch a/../z | patch -p0; echo status: $?' <<EOF
+$PATCH: **** rejecting file name with ".." component: a/../z
+status: 2
+EOF
+
+check 'emit_patch a/../z | patch -p1; echo status: $?' <<EOF
+$PATCH: **** rejecting file name with ".." component: ../z
+status: 2
+EOF
+
+check 'emit_patch a/.. | patch -p0; echo status: $?' <<EOF
+$PATCH: **** rejecting file name with ".." component: a/..
+status: 2
+EOF
+
+check 'emit_patch ../z | patch -p0; echo status: $?' <<EOF
+$PATCH: **** rejecting file name with ".." component: ../z
+status: 2
+EOF
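Review bot: The new test exercises only rejections; there is no check that a legitimate name in which `..` is merely part of a longer component (for example `a/..b`) or a name containing a `.` component is still accepted, so a regression that over-rejects would go unnoticed. Adding one `check` that runs `emit_patch a/..b | patch -p0` and expects exit status 0 would pin the boundary of the new rule. The heredoc in emit_patch expands `$1` unquoted, which is fine here because every argument is a plain path with no shell-special characters; a one-line comment saying so would save the next reader a second look.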