Timo Teräs f7143c1766 io_archive: add bounds limit for uname and gname tar header fields
Modify apk_resolve_[ug]id to take the user/groupname as a blob, so
proper length checking is done and honored.

==31584== Conditional jump or move depends on uninitialised value(s)
==31584==    at 0x5C8CA5: strlen (strlen.c:17)
==31584==    by 0x432575: APK_BLOB_STR (apk_blob.h:79)
==31584==    by 0x4350EB: apk_resolve_uid (io.c:1112)
==31584==    by 0x43696C: apk_tar_parse (io_archive.c:152)
==31584==    by 0x4271BC: apk_pkg_read (package.c:929)
==31584==    by 0x402D75: add_main (app_add.c:163)
==31584==    by 0x40D5FF: main (apk-static.c:516)

Fixes a potential crash (DoS) on a crafted TAR file. CVE-2021-30139.

Reported-by: Sören Tempel <soeren+git@soeren-tempel.net>
Reviewed-by: Ariadne Conill <ariadne@dereferenced.org>
2021-04-12 15:30:14 +03:00
doc Log to /var/log/apk.log 2021-03-19 12:26:15 +00:00
libfetch libfetch: send Proxy-Authorization also for https connect 2021-03-16 16:22:11 +02:00
scripts scripts: add script to generate APK cross file 2020-10-09 16:09:19 +03:00
src io_archive: add bounds limit for uname and gname tar header fields 2021-04-12 15:30:14 +03:00
test io: Handle really long lines 2021-02-04 21:45:58 +02:00
tests add separate vertest applet for version string testing 2020-10-09 16:09:19 +03:00
.gitignore gitignore: add generated help.h header 2020-05-28 17:56:22 +03:00
.gitlab-ci.yml ci: also install static deps 2020-10-09 16:09:19 +03:00
.mailmap update mailmap with my newer email 2020-08-29 17:31:30 +03:00
AUTHORS Initial commit of some stuff written so far. Still in state of flux. Expect 2008-04-17 14:09:13 +00:00
LICENSE add LICENSE 2020-05-07 10:45:34 +03:00
Make.rules apk-tools-2.12.0_rc1 2020-08-25 14:50:12 +03:00
Makefile apk-tools-2.12.0 2020-10-09 14:18:45 +03:00
README.md readme: fix name of doc directory 2020-02-23 18:55:19 +01:00
meson.build add separate vertest applet for version string testing 2020-10-09 16:09:19 +03:00
meson_options.txt build: adopt meson build for v3 branch 2020-10-09 16:09:19 +03:00

README.md

Alpine Package Keeper

Alpine Package Keeper (apk) is a package manager developed for Alpine Linux.

Online documentation is available in the doc/ directory in the form of man pages.