1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
|
--- libarchive-3.1.2/build/autoconf/config.sub.orig 2013-02-09 18:23:12.000000000 +0100
+++ libarchive-3.1.2/build/autoconf/config.sub 2016-03-08 12:37:36.382751400 +0100
@@ -789,6 +789,10 @@
microblaze*)
basic_machine=microblaze-xilinx
;;
+ midipix)
+ basic_machine=x86_64-pc
+ os=-midipix
+ ;;
mingw64)
basic_machine=x86_64-pc
os=-mingw64
@@ -1365,7 +1369,7 @@
| -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
| -chorusos* | -chorusrdb* | -cegcc* \
| -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
- | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \
+ | -midipix* | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \
| -linux-newlib* | -linux-musl* | -linux-uclibc* \
| -uxpv* | -beos* | -mpeix* | -udk* \
| -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
--- libarchive-3.1.2/configure.orig 2013-02-09 18:23:08.000000000 +0100
+++ libarchive-3.1.2/configure 2016-03-08 12:40:21.031444000 +0100
@@ -21629,3 +21629,15 @@
$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;}
fi
+# a transitional workaround...
+case $host_os in
+ midipix*)
+ cp $ac_confdir/libtool.midipix libtool || exit 2
+
+ sed -i -e 's/@cbb_host_os@/'$host'/g' \
+ -e 's/@cbb_build_alias@/'$build_alias'/g' \
+ -e 's/@cbb_build_os@/'$build_os'/g' \
+ -e 's/@cbb_build@/'$build'/g' libtool || exit 2
+ ;;
+esac
+
--- libarchive-3.1.2/cpio/bsdcpio.1.orig
+++ libarchive-3.1.2/cpio/bsdcpio.1
@@ -156,7 +156,8 @@
.It Fl Fl insecure
(i and p mode only)
Disable security checks during extraction or copying.
-This allows extraction via symbolic links and path names containing
+This allows extraction via symbolic links, absolute paths,
+and path names containing
.Sq ..
in the name.
.It Fl J , Fl Fl xz
--- libarchive-3.1.2/cpio/cpio.c.orig
+++ libarchive-3.1.2/cpio/cpio.c
@@ -179,6 +179,7 @@
cpio->extract_flags |= ARCHIVE_EXTRACT_NO_OVERWRITE_NEWER;
cpio->extract_flags |= ARCHIVE_EXTRACT_SECURE_SYMLINKS;
cpio->extract_flags |= ARCHIVE_EXTRACT_SECURE_NODOTDOT;
+ cpio->extract_flags |= ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS;
cpio->extract_flags |= ARCHIVE_EXTRACT_PERM;
cpio->extract_flags |= ARCHIVE_EXTRACT_FFLAGS;
cpio->extract_flags |= ARCHIVE_EXTRACT_ACL;
@@ -264,6 +265,7 @@
case OPTION_INSECURE:
cpio->extract_flags &= ~ARCHIVE_EXTRACT_SECURE_SYMLINKS;
cpio->extract_flags &= ~ARCHIVE_EXTRACT_SECURE_NODOTDOT;
+ cpio->extract_flags &= ~ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS;
break;
case 'L': /* GNU cpio */
cpio->option_follow_links = 1;
@@ -300,6 +302,7 @@
"Cannot use both -p and -%c", cpio->mode);
cpio->mode = opt;
cpio->extract_flags &= ~ARCHIVE_EXTRACT_SECURE_NODOTDOT;
+ cpio->extract_flags &= ~ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS;
break;
case OPTION_PRESERVE_OWNER:
cpio->extract_flags |= ARCHIVE_EXTRACT_OWNER;
--- libarchive-3.1.2/libarchive/archive.h.orig
+++ libarchive-3.1.2/libarchive/archive.h
@@ -562,6 +562,8 @@
/* Default: Do not use HFS+ compression if it was not compressed. */
/* This has no effect except on Mac OS v10.6 or later. */
#define ARCHIVE_EXTRACT_HFS_COMPRESSION_FORCED (0x8000)
+/* Default: Do not reject entries with absolute paths */
+#define ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS (0x10000)
__LA_DECL int archive_read_extract(struct archive *, struct archive_entry *,
int flags);
--- libarchive-3.1.2/libarchive/archive_write_disk.3.orig
+++ libarchive-3.1.2/libarchive/archive_write_disk.3
@@ -177,6 +177,9 @@
Note that paths ending in
.Pa ..
always cause an error, regardless of this flag.
+.It Cm ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS
+Refuse to extract an absolute path.
+The default is to not refuse such paths.
.It Cm ARCHIVE_EXTRACT_SPARSE
Scan data for blocks of NUL bytes and try to recreate them with holes.
This results in sparse files, independent of whether the archive format
--- libarchive-3.1.2/libarchive/archive_write_disk_posix.c.orig
+++ libarchive-3.1.2/libarchive/archive_write_disk_posix.c
@@ -2504,8 +2504,9 @@
/*
* Canonicalize the pathname. In particular, this strips duplicate
* '/' characters, '.' elements, and trailing '/'. It also raises an
- * error for an empty path, a trailing '..' or (if _SECURE_NODOTDOT is
- * set) any '..' in the path.
+ * error for an empty path, a trailing '..', (if _SECURE_NODOTDOT is
+ * set) any '..' in the path or (if ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS
+ * is set) if the path is absolute.
*/
static int
cleanup_pathname(struct archive_write_disk *a)
@@ -2524,8 +2525,15 @@
cleanup_pathname_win(a);
#endif
/* Skip leading '/'. */
- if (*src == '/')
+ if (*src == '/') {
+ if (a->flags & ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS) {
+ archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
+ "Path is absolute");
+ return (ARCHIVE_FAILED);
+ }
+
separator = *src++;
+ }
/* Scan the pathname one element at a time. */
for (;;) {
--- libarchive-3.1.2/libarchive/test/test_write_disk_secure.c.orig
+++ libarchive-3.1.2/libarchive/test/test_write_disk_secure.c
@@ -178,6 +178,29 @@
assert(S_ISDIR(st.st_mode));
archive_entry_free(ae);
+ /*
+ * Without security checks, we should be able to
+ * extract an absolute path.
+ */
+ assert((ae = archive_entry_new()) != NULL);
+ archive_entry_copy_pathname(ae, "/tmp/libarchive_test-test_write_disk_secure-absolute_path.tmp");
+ archive_entry_set_mode(ae, S_IFREG | 0777);
+ assert(0 == archive_write_header(a, ae));
+ assert(0 == archive_write_finish_entry(a));
+ assertFileExists("/tmp/libarchive_test-test_write_disk_secure-absolute_path.tmp");
+ assert(0 == unlink("/tmp/libarchive_test-test_write_disk_secure-absolute_path.tmp"));
+
+ /* But with security checks enabled, this should fail. */
+ assert(archive_entry_clear(ae) != NULL);
+ archive_entry_copy_pathname(ae, "/tmp/libarchive_test-test_write_disk_secure-absolute_path.tmp");
+ archive_entry_set_mode(ae, S_IFREG | 0777);
+ archive_write_disk_set_options(a, ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS);
+ failure("Extracting an absolute path should fail here.");
+ assertEqualInt(ARCHIVE_FAILED, archive_write_header(a, ae));
+ archive_entry_free(ae);
+ assert(0 == archive_write_finish_entry(a));
+ assertFileNotExists("/tmp/libarchive_test-test_write_disk_secure-absolute_path.tmp");
+
assertEqualInt(ARCHIVE_OK, archive_write_free(a));
/* Test the entries on disk. */
--- libarchive-3.1.2/libarchive/archive_write.c.orig 2016-06-03 13:15:42.862830537 +0000
+++ libarchive-3.1.2/libarchive/archive_write.c 2016-06-03 13:19:01.590826126 +0000
@@ -671,8 +671,12 @@
_archive_write_data(struct archive *_a, const void *buff, size_t s)
{
struct archive_write *a = (struct archive_write *)_a;
+ const size_t max_write = INT_MAX;
archive_check_magic(&a->archive, ARCHIVE_WRITE_MAGIC,
ARCHIVE_STATE_DATA, "archive_write_data");
+ /* In particular, this catches attempts to pass negative values. */
+ if (s > max_write)
+ s = max_write;
archive_clear_error(&a->archive);
return ((a->format_write_data)(a, buff, s));
}
|