pacman

History

Simon Gomizelj dd62fde53e validate %FILEPATH% when parsing repo dbs Currently we make no effort to validate the %FILENAME% field in the repo db. This allows for relative paths to be considered valid. A carefully crafted db entry with a malicious relative path, (e.g. `../../../../etc/passwd`) will cause pacman to to overwrite _any_ file on the target's machine. Add the following validation: - doesn't start with '.' - doesn't contain a '/' - won't overflow PATH_MAX Signed-off-by: Simon Gomizelj <simongmzlj@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>	2013-06-04 13:45:12 +10:00
..
libalpm	validate %FILEPATH% when parsing repo dbs	2013-06-04 13:45:12 +10:00

Simon Gomizelj dd62fde53e validate %FILEPATH% when parsing repo dbs

Currently we make no effort to validate the %FILENAME% field in the
repo db. This allows for relative paths to be considered valid.

A carefully crafted db entry with a malicious relative path,
(e.g. `../../../../etc/passwd`) will cause pacman to to
overwrite _any_ file on the target's machine.

Add the following validation:

- doesn't start with '.'
- doesn't contain a '/'
- won't overflow PATH_MAX

Signed-off-by: Simon Gomizelj <simongmzlj@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>

2013-06-04 13:45:12 +10:00

libalpm

validate %FILEPATH% when parsing repo dbs

2013-06-04 13:45:12 +10:00