Author: Raphael Geissert Bug-Debian: https://bugs.debian.org/731860 Description: Avoid directory traversal when extracting archives by skipping over leading slashes and any prefix containing ".." components. Forwarded: yes --- a/lib/decode.c +++ b/lib/decode.c @@ -22,6 +22,36 @@ #endif +char * +safer_name_suffix (char const *file_name) +{ + char const *p, *t; + p = t = file_name; + while (*p == '/') t = ++p; + while (*p) + { + while (p[0] == '.' && p[0] == p[1] && p[2] == '/') + { + p += 3; + t = p; + } + /* advance pointer past the next slash */ + while (*p && (p++)[0] != '/'); + } + + if (!*t) + { + t = "."; + } + + if (t != file_name) + { + /* TODO: warn somehow that the path was modified */ + } + return (char*)t; +} + + /* determine full path name */ char * th_get_pathname(TAR *t) @@ -29,17 +59,17 @@ th_get_pathname(TAR *t) static char filename[MAXPATHLEN]; if (t->th_buf.gnu_longname) - return t->th_buf.gnu_longname; + return safer_name_suffix(t->th_buf.gnu_longname); if (t->th_buf.prefix[0] != '\0') { snprintf(filename, sizeof(filename), "%.155s/%.100s", t->th_buf.prefix, t->th_buf.name); - return filename; + return safer_name_suffix(filename); } snprintf(filename, sizeof(filename), "%.100s", t->th_buf.name); - return filename; + return safer_name_suffix(filename); } --- a/lib/extract.c +++ b/lib/extract.c @@ -298,14 +298,14 @@ tar_extract_hardlink(TAR * t, char *real if (mkdirhier(dirname(filename)) == -1) return -1; libtar_hashptr_reset(&hp); - if (libtar_hash_getkey(t->h, &hp, th_get_linkname(t), + if (libtar_hash_getkey(t->h, &hp, safer_name_suffix(th_get_linkname(t)), (libtar_matchfunc_t)libtar_str_match) != 0) { lnp = (char *)libtar_hashptr_data(&hp); linktgt = &lnp[strlen(lnp) + 1]; } else - linktgt = th_get_linkname(t); + linktgt = safer_name_suffix(th_get_linkname(t)); #ifdef DEBUG printf(" ==> extracting: %s (link to %s)\n", filename, linktgt); @@ -343,9 +343,9 @@ tar_extract_symlink(TAR *t, char *realna #ifdef DEBUG printf(" ==> extracting: %s (symlink to %s)\n", - filename, th_get_linkname(t)); + filename, safer_name_suffix(th_get_linkname(t))); #endif - if (symlink(th_get_linkname(t), filename) == -1) + if (symlink(safer_name_suffix(th_get_linkname(t)), filename) == -1) { #ifdef DEBUG perror("symlink()"); --- a/lib/internal.h +++ b/lib/internal.h @@ -15,3 +15,4 @@ #include +char* safer_name_suffix(char const*); --- a/lib/output.c +++ b/lib/output.c @@ -123,9 +123,9 @@ th_print_long_ls(TAR *t) else printf(" link to "); if ((t->options & TAR_GNU) && t->th_buf.gnu_longlink != NULL) - printf("%s", t->th_buf.gnu_longlink); + printf("%s", safer_name_suffix(t->th_buf.gnu_longlink)); else - printf("%.100s", t->th_buf.linkname); + printf("%.100s", safer_name_suffix(t->th_buf.linkname)); } putchar('\n'); 'msg-avail'>...* gnu/installer/services.scm (%system-services): Add the gpm-service-type. Leo Famulari 2021-12-28installer: Recommend 'ntp-service-type' for non-graphical systems....We had several bug reports with a root cause of "the clock was incorrect" from users who used the installer to install a non-graphical Guix System. * gnu/installer/services.scm (%system-services): Add the ntp-service-type. * gnu/installer/newt/services.scm (run-system-administration-cbt-page): New variable. (run-services-page): Use run-system-administration-cbt-page when not installing a desktop. * gnu/installer/tests.scm (choose-services): Add and use a choose-misc-service? procedure. * gnu/tests/install.scm (installation-target-os-for-gui-tests)<services>: Add ntp-service-type. Leo Famulari 2021-06-30installer: Offer the CUPS printing service....* gnu/installer/services.scm (%system-services): Add CUPS. * gnu/installer/newt/services.scm (run-other-services-cbt-page): New procedure. (run-services-page): Call it last. Tobias Geerinckx-Rice 2021-06-23installer: Remove unused procedure....NETWORKING-SYSTEM-SERVICE? was obsoleted in commit 2e55f37c0c8fdfbc413edff61490161648a78dcc. * gnu/installer/services.scm (networking-system-service?): Remove it. Tobias Geerinckx-Rice 2020-12-11Revert "services: openssh: Warn about 'password-authentication?' default."...This reverts commit aecd2a13cbd8301d0fdeafcacbf69e12cc3f6138 for two reasons: 1. The warning would fire every time (gnu services ssh) is loaded; 2. There's still no clear consensus on the approach to follow as discussed in <https://issues.guix.gnu.org/44808>. Ludovic Courtès 2020-12-07services: openssh: Warn about 'password-authentication?' default....Fixes <https://bugs.gnu.org/44808>. Reported by Christopher Lemmer Webber <cwebber@dustycloud.org>. * gnu/services/ssh.scm (true-but-soon-false): New procedure. (<openssh-configuration>)[password-authentication?]: Change default to 'true-but-soon-false'. * gnu/installer/services.scm (%system-services): Explicitly set 'password-authentication?' to #f. Ludovic Courtès 2020-10-13installer: Add Emacs EXWM desktop environment....Suggested by zenny via IRC. * gnu/installer/services.scm (%system-services): Add emacs, emacs-exwm, emacs-desktop-environment. * etc/release-manifest.scm (%system-packages): Likewise. * gnu/system/examples/lightweight-desktop.tmpl: Likewise. * gnu/tests/install.scm (installation-target-desktop-os-for-gui-tests) [packages]: Likewise * gnu/installer/newt/services.scm (run-desktop-environments-cbt-page): Make one entry taller. Jan (janneke) Nieuwenhuizen