6484ed9849
A crafted .apk file could to trick apk writing unverified data to an unexpected file during temporary file creation due to bugs in handling long link target name and the way a regular file is extracted. Several hardening steps are implemented to avoid this: - the temporary file is now always first unlinked (apk thus reserved all filenames .apk.* to be it's working files) - the temporary file is after that created with O_EXCL to avoid races - the temporary file is no longer directly the archive entry name and thus directly controlled by potentially untrusted data - long file names and link target names are now rejected - hard link targets are now more rigorously checked - various additional checks added for the extraction process to error out early in case of malformed (or old legacy) file Reported-by: Max Justicz <max@justi.cz> |
||
|---|---|---|
| libfetch | ||
| src | ||
| test | ||
| .gitignore | ||
| .mailmap | ||
| .travis.yml | ||
| AUTHORS | ||
| Make.rules | ||
| Makefile | ||
| NEWS | ||
| README | ||