git-svn: trunk@1614
Tomasz Kojm authored on 2005/06/13 18:54:11... | ... |
@@ -1,3 +1,9 @@ |
1 |
+Mon Jun 13 11:49:04 CEST 2005 (tk) |
|
2 |
+---------------------------------- |
|
3 |
+ * libclamav/cvd.c: fix potential directory traversal in cvd unpacker (a low |
|
4 |
+ risk problem since all databases are digitally signed). |
|
5 |
+ Pointed out by Florian Weimer <fw*deneb.enyo.de> |
|
6 |
+ |
|
1 | 7 |
Sun Jun 12 11:24:59 CEST 2005 (tk) |
2 | 8 |
---------------------------------- |
3 | 9 |
* clamscan: improve output handling |
... | ... |
@@ -1,5 +1,5 @@ |
1 | 1 |
/* |
2 |
- * Copyright (C) 2003 - 2004 Tomasz Kojm <tkojm@clamav.net> |
|
2 |
+ * Copyright (C) 2003 - 2005 Tomasz Kojm <tkojm@clamav.net> |
|
3 | 3 |
* |
4 | 4 |
* untgz() is based on public domain minitar utility by Charles G. Waldman |
5 | 5 |
* |
... | ... |
@@ -54,7 +54,6 @@ int cli_untgz(int fd, const char *destdir) |
54 | 54 |
return -1; |
55 | 55 |
} |
56 | 56 |
|
57 |
- |
|
58 | 57 |
fullname = (char *) calloc(sizeof(char), strlen(destdir) + 100 + 5); |
59 | 58 |
|
60 | 59 |
while(1) { |
... | ... |
@@ -77,6 +76,14 @@ int cli_untgz(int fd, const char *destdir) |
77 | 77 |
|
78 | 78 |
strncpy(name, block, 100); |
79 | 79 |
name[100] = '\0'; |
80 |
+ |
|
81 |
+ if(strchr(name, '/')) { |
|
82 |
+ cli_errmsg("Slash separators are not allowed in CVD.\n"); |
|
83 |
+ free(fullname); |
|
84 |
+ gzclose(infile); |
|
85 |
+ return -1; |
|
86 |
+ } |
|
87 |
+ |
|
80 | 88 |
strcpy(fullname, destdir); |
81 | 89 |
strcat(fullname, "/"); |
82 | 90 |
strcat(fullname, name); |