do not extract files with malicious name
the security implications are not as high as compared to regular tar/unzip archiver. this is because you are anyway trusting the package to install files anywhere in the filesystem. this serves rather as a sanity to check against errors in created package.cute-signatures
parent
c4960a1a7d
commit
997aa99e3d
|
@ -2258,8 +2258,21 @@ static int apk_db_install_archive_entry(void *_ctx,
|
||||||
if (r <= 0)
|
if (r <= 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
/* Package metainfo and script processing */
|
|
||||||
r = 0;
|
r = 0;
|
||||||
|
|
||||||
|
/* Sanity check the file name */
|
||||||
|
if (ae->name[0] == '/' ||
|
||||||
|
strncmp(ae->name, "/./"+1, 3) == 0 ||
|
||||||
|
strncmp(ae->name, "/../"+1, 3) == 0 ||
|
||||||
|
strstr(ae->name, "/./") ||
|
||||||
|
strstr(ae->name, "/../")) {
|
||||||
|
apk_warning(PKG_VER_FMT": ignoring malicious file %s",
|
||||||
|
PKG_VER_PRINTF(pkg), ae->name);
|
||||||
|
ipkg->broken_files = 1;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Package metainfo and script processing */
|
||||||
if (ae->name[0] == '.') {
|
if (ae->name[0] == '.') {
|
||||||
/* APK 2.0 format */
|
/* APK 2.0 format */
|
||||||
if (strcmp(ae->name, ".PKGINFO") == 0) {
|
if (strcmp(ae->name, ".PKGINFO") == 0) {
|
||||||
|
|
Loading…
Reference in New Issue