cvs commit: patches/tar tar-1.13.25-dot-dot.patch

jim at linuxfromscratch.org jim at linuxfromscratch.org
Sun Sep 14 01:38:55 PDT 2003


jim         03/09/14 02:38:55

  Added:       tar      tar-1.13.25-dot-dot.patch
  Log:
  Added tar-1.13.25-dot-dot.patch
  
  Revision  Changes    Path
  1.1                  patches/tar/tar-1.13.25-dot-dot.patch
  
  Index: tar-1.13.25-dot-dot.patch
  ===================================================================
  Submitted By: Oliver Brakmann <obrakmann at gmx dot net>
  Date: 2003-09-13
  Initial Package Version: 1.13.25
  Origin: Bugtraq Mailing List
  	http://www.securityfocus.com/archive/1/294574
  Description: This patch fixes a security vulnerability by which a specially
  	crafted tarball can be used to overwrite files on the victim's system.
  	See http://www.securityfocus.com/archive/1/293362 and following as
  	well as references therein for details.
  
  diff -ur tar-1.13.19.orig/src/misc.c tar-1.13.19/src/misc.c
  --- tar-1.13.19.orig/src/misc.c	Sat Jan 13 08:59:29 2001
  +++ tar-1.13.19/src/misc.c	Sat Sep 28 13:48:03 2002
  @@ -206,12 +206,12 @@
         if (p[0] == '.' && p[1] == '.' && (ISSLASH (p[2]) || !p[2]))
   	return 1;
  
  -      do
  +      while (! ISSLASH (*p))
   	{
   	  if (! *p++)
   	    return 0;
   	}
  -      while (! ISSLASH (*p));
  +      p++;
       }
   }
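Review bot: The added `p++` after the `while` loop is only correct if the enclosing loop header does not also advance `p`; that header lies above the hunk, so confirm it reads `for (;;)`, because otherwise the first character after every separator is skipped and a `..` component starting there goes undetected. The rewritten scan depends on `p` sitting at the start of a path component each time the `..` test runs, which is worth stating in a comment before the `while`, e.g. `/* P is at the start of a component: scan to the next separator, then step past it. */`. The patch header gives the initial package version as 1.13.25 while the diff paths name tar-1.13.19, so check that the hunk applies to the 1.13.25 source without fuzz and lands in this function. A regression test with member names in which `..` follows a separator (leading, doubled and mid-path) would pin the fix.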
  
  
  


