File amanda-3.3.6-CVE-2016-10729.patch of Package amanda.2358

Overview Repositories Revisions Requests Users Attributes Meta

File amanda-3.3.6-CVE-2016-10729.patch of Package amanda.2358

From 2ba9a5fb84ba2faaeb95695a03bd7f26cbdfedb8 Mon Sep 17 00:00:00 2001
From: Jean-Louis Martineau <martineau@zmanda.com>
Date: Fri, 22 Jan 2016 19:17:45 +0000
Subject: [PATCH] * client-src/runtar.c: Filter tar arguments *
 installcheck/runtar.pl: Check runtar errorr * installcheck/Makefile.am: Add
 runtar.pl

git-svn-id: https://svn.code.sf.net/p/amanda/code/amanda/trunk@6479 a8d146d6-cc15-0410-8900-af154a0219e0
---
Note: only the first part of the upstream patch is applied
---
Index: amanda-3.3.6/client-src/runtar.c
===================================================================
--- amanda-3.3.6.orig/client-src/runtar.c
+++ amanda-3.3.6/client-src/runtar.c
@@ -51,6 +51,7 @@ main(
     char *dbf;
     char *cmdline;
 #endif
+    int good_option;
 
     if (argc > 1 && argv && argv[1] && g_str_equal(argv[1], "--version")) {
 	printf("runtar-%s\n", VERSION);
@@ -141,12 +142,54 @@ main(
     argv++;
 
     cmdline = stralloc(GNUTAR);
+    good_option = 0;
     for (i = 1; argv[i]; i++) {
+	if (good_option <= 0) {
+	    if (g_str_has_prefix(argv[i],"--rsh-command") ||
+		g_str_has_prefix(argv[i],"--to-command") ||
+		g_str_has_prefix(argv[i],"--info-script") ||
+		g_str_has_prefix(argv[i],"--new-volume-script") ||
+		g_str_has_prefix(argv[i],"--rmt-command") ||
+		g_str_has_prefix(argv[i],"--use-compress-program")) {
+		/* Filter potential malicious option */
+		good_option = 0;
+	    } else if (g_str_has_prefix(argv[i],"--create") ||
+		g_str_has_prefix(argv[i],"--totals") ||
+		g_str_has_prefix(argv[i],"--dereference") ||
+		g_str_has_prefix(argv[i],"--no-recursion") ||
+		g_str_has_prefix(argv[i],"--one-file-system") ||
+		g_str_has_prefix(argv[i],"--incremental") ||
+		g_str_has_prefix(argv[i],"--atime-preserve") ||
+		g_str_has_prefix(argv[i],"--sparse") ||
+		g_str_has_prefix(argv[i],"--ignore-failed-read") ||
+		g_str_has_prefix(argv[i],"--numeric-owner")) {
+		/* Accept theses options */
+		good_option++;
+	    } else if (g_str_has_prefix(argv[i],"--blocking-factor") ||
+		g_str_has_prefix(argv[i],"--file") ||
+		g_str_has_prefix(argv[i],"--directory") ||
+		g_str_has_prefix(argv[i],"--exclude") ||
+		g_str_has_prefix(argv[i],"--transform") ||
+		g_str_has_prefix(argv[i],"--listed-incremental") ||
+		g_str_has_prefix(argv[i],"--newer") ||
+		g_str_has_prefix(argv[i],"--exclude-from") ||
+		g_str_has_prefix(argv[i],"--files-from")) {
+		/* Accept theses options with the following argument */
+		good_option += 2;
+	    } else if (argv[i][0] != '-') {
+		good_option++;
+	    }
+	}
+	if (good_option <= 0) {
+	    error("error [%s invalid option: %s]", get_pname(), argv[i]);
+	}
+
 	char *quoted;
 
 	quoted = quote_string(argv[i]);
 	cmdline = vstrextend(&cmdline, " ", quoted, NULL);
 	amfree(quoted);
+        good_option--;
     }
     dbprintf(_("running: %s\n"), cmdline);
     amfree(cmdline);

Places

File amanda-3.3.6-CVE-2016-10729.patch of Package amanda.2358

Places