Browse code
fix potential directory traversal in cvd unpacker
| ... | ... |
@@ -1,3 +1,9 @@ |
| 1 |
+Mon Jun 13 11:49:04 CEST 2005 (tk) |
|
| 2 |
+---------------------------------- |
|
| 3 |
+ * libclamav/cvd.c: fix potential directory traversal in cvd unpacker (a low |
|
| 4 |
+ risk problem since all databases are digitally signed). |
|
| 5 |
+ Pointed out by Florian Weimer <fw*deneb.enyo.de> |
|
| 6 |
+ |
|
| 1 | 7 |
Sun Jun 12 11:24:59 CEST 2005 (tk) |
| 2 | 8 |
---------------------------------- |
| 3 | 9 |
* clamscan: improve output handling |
| ... | ... |
@@ -1,5 +1,5 @@ |
| 1 | 1 |
/* |
| 2 |
- * Copyright (C) 2003 - 2004 Tomasz Kojm <tkojm@clamav.net> |
|
| 2 |
+ * Copyright (C) 2003 - 2005 Tomasz Kojm <tkojm@clamav.net> |
|
| 3 | 3 |
* |
| 4 | 4 |
* untgz() is based on public domain minitar utility by Charles G. Waldman |
| 5 | 5 |
* |
| ... | ... |
@@ -54,7 +54,6 @@ int cli_untgz(int fd, const char *destdir) |
| 54 | 54 |
return -1; |
| 55 | 55 |
} |
| 56 | 56 |
|
| 57 |
- |
|
| 58 | 57 |
fullname = (char *) calloc(sizeof(char), strlen(destdir) + 100 + 5); |
| 59 | 58 |
|
| 60 | 59 |
while(1) {
|
| ... | ... |
@@ -77,6 +76,14 @@ int cli_untgz(int fd, const char *destdir) |
| 77 | 77 |
|
| 78 | 78 |
strncpy(name, block, 100); |
| 79 | 79 |
name[100] = '\0'; |
| 80 |
+ |
|
| 81 |
+ if(strchr(name, '/')) {
|
|
| 82 |
+ cli_errmsg("Slash separators are not allowed in CVD.\n");
|
|
| 83 |
+ free(fullname); |
|
| 84 |
+ gzclose(infile); |
|
| 85 |
+ return -1; |
|
| 86 |
+ } |
|
| 87 |
+ |
|
| 80 | 88 |
strcpy(fullname, destdir); |
| 81 | 89 |
strcat(fullname, "/"); |
| 82 | 90 |
strcat(fullname, name); |