Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:42.3:Update
zziplib.9031
CVE-2018-17828.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2018-17828.patch of Package zziplib.9031
Index: zziplib-0.13.67/bins/unzzipcat-big.c =================================================================== --- zziplib-0.13.67.orig/bins/unzzipcat-big.c +++ zziplib-0.13.67/bins/unzzipcat-big.c @@ -47,6 +47,48 @@ static void unzzip_cat_file(FILE* disk, } } +/* + * NAME: remove_dotdotslash + * PURPOSE: To remove any "../" components from the given pathname + * ARGUMENTS: path: path name with maybe "../" components + * RETURNS: Nothing, "path" is modified in-place + * NOTE: removing "../" from the path ALWAYS shortens the path, never adds to it! + * Also, "path" is not used after creating it. + * So modifying "path" in-place is safe to do. + */ +static inline void +remove_dotdotslash(char *path) +{ + /* Note: removing "../" from the path ALWAYS shortens the path, never adds to it! */ + char *dotdotslash; + int warned = 0; + + dotdotslash = path; + while ((dotdotslash = strstr(dotdotslash, "../")) != NULL) + { + /* + * Remove only if at the beginning of the pathname ("../path/name") + * or when preceded by a slash ("path/../name"), + * otherwise not ("path../name..")! + */ + if (dotdotslash == path || dotdotslash[-1] == '/') + { + char *src, *dst; + if (!warned) + { + /* Note: the first time through the pathname is still intact */ + fprintf(stderr, "Removing \"../\" path component(s) in %s\n", path); + warned = 1; + } + /* We cannot use strcpy(), as there "The strings may not overlap" */ + for (src = dotdotslash+3, dst=dotdotslash; (*dst = *src) != '\0'; src++, dst++) + ; + } + else + dotdotslash +=3; /* skip this instance to prevent infinite loop */ + } +} + static void makedirs(const char* name) { char* p = strrchr(name, '/'); @@ -62,6 +104,16 @@ static void makedirs(const char* name) static FILE* create_fopen(char* name, char* mode, int subdirs) { + char *name_stripped; + FILE *fp; + int mustfree = 0; + + if ((name_stripped = strdup(name)) != NULL) + { + remove_dotdotslash(name_stripped); + name = name_stripped; + mustfree = 1; + } if (subdirs) { char* p = strrchr(name, '/'); @@ -71,7 +123,10 @@ static FILE* create_fopen(char* name, ch free (dir_name); } } - return fopen(name, mode); + fp = fopen(name, mode); + if (mustfree) + free(name_stripped); + return fp; } Index: zziplib-0.13.67/bins/unzzipcat-mem.c =================================================================== --- zziplib-0.13.67.orig/bins/unzzipcat-mem.c +++ zziplib-0.13.67/bins/unzzipcat-mem.c @@ -51,6 +51,48 @@ static void unzzip_mem_disk_cat_file(ZZI } } +/* + * NAME: remove_dotdotslash + * PURPOSE: To remove any "../" components from the given pathname + * ARGUMENTS: path: path name with maybe "../" components + * RETURNS: Nothing, "path" is modified in-place + * NOTE: removing "../" from the path ALWAYS shortens the path, never adds to it! + * Also, "path" is not used after creating it. + * So modifying "path" in-place is safe to do. + */ +static inline void +remove_dotdotslash(char *path) +{ + /* Note: removing "../" from the path ALWAYS shortens the path, never adds to it! */ + char *dotdotslash; + int warned = 0; + + dotdotslash = path; + while ((dotdotslash = strstr(dotdotslash, "../")) != NULL) + { + /* + * Remove only if at the beginning of the pathname ("../path/name") + * or when preceded by a slash ("path/../name"), + * otherwise not ("path../name..")! + */ + if (dotdotslash == path || dotdotslash[-1] == '/') + { + char *src, *dst; + if (!warned) + { + /* Note: the first time through the pathname is still intact */ + fprintf(stderr, "Removing \"../\" path component(s) in %s\n", path); + warned = 1; + } + /* We cannot use strcpy(), as there "The strings may not overlap" */ + for (src = dotdotslash+3, dst=dotdotslash; (*dst = *src) != '\0'; src++, dst++) + ; + } + else + dotdotslash +=3; /* skip this instance to prevent infinite loop */ + } +} + static void makedirs(const char* name) { char* p = strrchr(name, '/'); @@ -66,6 +108,16 @@ static void makedirs(const char* name) static FILE* create_fopen(char* name, char* mode, int subdirs) { + char *name_stripped; + FILE *fp; + int mustfree = 0; + + if ((name_stripped = strdup(name)) != NULL) + { + remove_dotdotslash(name_stripped); + name = name_stripped; + mustfree = 1; + } if (subdirs) { char* p = strrchr(name, '/'); @@ -75,7 +127,10 @@ static FILE* create_fopen(char* name, ch free (dir_name); } } - return fopen(name, mode); + fp = fopen(name, mode); + if (mustfree) + free(name_stripped); + return fp; } static int unzzip_cat (int argc, char ** argv, int extract) Index: zziplib-0.13.67/bins/unzzipcat-mix.c =================================================================== --- zziplib-0.13.67.orig/bins/unzzipcat-mix.c +++ zziplib-0.13.67/bins/unzzipcat-mix.c @@ -37,6 +37,48 @@ static void unzzip_cat_file(ZZIP_DIR* di } } +/* + * NAME: remove_dotdotslash + * PURPOSE: To remove any "../" components from the given pathname + * ARGUMENTS: path: path name with maybe "../" components + * RETURNS: Nothing, "path" is modified in-place + * NOTE: removing "../" from the path ALWAYS shortens the path, never adds to it! + * Also, "path" is not used after creating it. + * So modifying "path" in-place is safe to do. + */ +static inline void +remove_dotdotslash(char *path) +{ + /* Note: removing "../" from the path ALWAYS shortens the path, never adds to it! */ + char *dotdotslash; + int warned = 0; + + dotdotslash = path; + while ((dotdotslash = strstr(dotdotslash, "../")) != NULL) + { + /* + * Remove only if at the beginning of the pathname ("../path/name") + * or when preceded by a slash ("path/../name"), + * otherwise not ("path../name..")! + */ + if (dotdotslash == path || dotdotslash[-1] == '/') + { + char *src, *dst; + if (!warned) + { + /* Note: the first time through the pathname is still intact */ + fprintf(stderr, "Removing \"../\" path component(s) in %s\n", path); + warned = 1; + } + /* We cannot use strcpy(), as there "The strings may not overlap" */ + for (src = dotdotslash+3, dst=dotdotslash; (*dst = *src) != '\0'; src++, dst++) + ; + } + else + dotdotslash +=3; /* skip this instance to prevent infinite loop */ + } +} + static void makedirs(const char* name) { char* p = strrchr(name, '/'); @@ -52,6 +94,16 @@ static void makedirs(const char* name) static FILE* create_fopen(char* name, char* mode, int subdirs) { + char *name_stripped; + FILE *fp; + int mustfree = 0; + + if ((name_stripped = strdup(name)) != NULL) + { + remove_dotdotslash(name_stripped); + name = name_stripped; + mustfree = 1; + } if (subdirs) { char* p = strrchr(name, '/'); @@ -61,7 +113,10 @@ static FILE* create_fopen(char* name, ch free (dir_name); } } - return fopen(name, mode); + fp = fopen(name, mode); + if (mustfree) + free(name_stripped); + return fp; } static int unzzip_cat (int argc, char ** argv, int extract) Index: zziplib-0.13.67/bins/unzzipcat-zip.c =================================================================== --- zziplib-0.13.67.orig/bins/unzzipcat-zip.c +++ zziplib-0.13.67/bins/unzzipcat-zip.c @@ -37,6 +37,48 @@ static void unzzip_cat_file(ZZIP_DIR* di } } +/* + * NAME: remove_dotdotslash + * PURPOSE: To remove any "../" components from the given pathname + * ARGUMENTS: path: path name with maybe "../" components + * RETURNS: Nothing, "path" is modified in-place + * NOTE: removing "../" from the path ALWAYS shortens the path, never adds to it! + * Also, "path" is not used after creating it. + * So modifying "path" in-place is safe to do. + */ +static inline void +remove_dotdotslash(char *path) +{ + /* Note: removing "../" from the path ALWAYS shortens the path, never adds to it! */ + char *dotdotslash; + int warned = 0; + + dotdotslash = path; + while ((dotdotslash = strstr(dotdotslash, "../")) != NULL) + { + /* + * Remove only if at the beginning of the pathname ("../path/name") + * or when preceded by a slash ("path/../name"), + * otherwise not ("path../name..")! + */ + if (dotdotslash == path || dotdotslash[-1] == '/') + { + char *src, *dst; + if (!warned) + { + /* Note: the first time through the pathname is still intact */ + fprintf(stderr, "Removing \"../\" path component(s) in %s\n", path); + warned = 1; + } + /* We cannot use strcpy(), as there "The strings may not overlap" */ + for (src = dotdotslash+3, dst=dotdotslash; (*dst = *src) != '\0'; src++, dst++) + ; + } + else + dotdotslash +=3; /* skip this instance to prevent infinite loop */ + } +} + static void makedirs(const char* name) { char* p = strrchr(name, '/'); @@ -52,6 +94,16 @@ static void makedirs(const char* name) static FILE* create_fopen(char* name, char* mode, int subdirs) { + char *name_stripped; + FILE *fp; + int mustfree = 0; + + if ((name_stripped = strdup(name)) != NULL) + { + remove_dotdotslash(name_stripped); + name = name_stripped; + mustfree = 1; + } if (subdirs) { char* p = strrchr(name, '/'); @@ -61,7 +113,10 @@ static FILE* create_fopen(char* name, ch free (dir_name); } } - return fopen(name, mode); + fp = fopen(name, mode); + if (mustfree) + free(name_stripped); + return fp; } static int unzzip_cat (int argc, char ** argv, int extract)
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
