mirror of
https://git.savannah.gnu.org/git/tar.git
synced 2026-04-26 03:20:40 +00:00
Use openat2 to jailify the extraction directory
This addresses CVE-2025-45582. * gnulib.modules: Add openat2. * src/misc.c (open_subdir): New static function. (fdbase_opendir): Use it. * src/tar.c (open_searchdir_how): New var, replacing and augmenting open_searchdir_flags. All uses changed. * tests/extrac31.at: New file. * tests/Makefile (TESTSUITE_AT), tests/testuite.at: Add it.
This commit is contained in:
@@ -140,6 +140,7 @@ TESTSUITE_AT = \
|
||||
extrac28.at\
|
||||
extrac29.at\
|
||||
extrac30.at\
|
||||
extrac31.at\
|
||||
filerem01.at\
|
||||
filerem02.at\
|
||||
grow.at\
|
||||
|
||||
55
tests/extrac31.at
Normal file
55
tests/extrac31.at
Normal file
@@ -0,0 +1,55 @@
|
||||
# Test suite for GNU tar. -*- Autotest -*-
|
||||
# Copyright 2025 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is part of GNU tar.
|
||||
#
|
||||
# GNU tar is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# GNU tar is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
AT_SETUP([extracting untrusted incremental])
|
||||
AT_KEYWORDS([extract extrac31 --absolute-names])
|
||||
|
||||
|
||||
AT_TAR_CHECK([
|
||||
|
||||
# Extraction should not escape the extraction directory
|
||||
# even when extracting multiple times to the same directory.
|
||||
(umask 022 && mkdir -p dira/sub dirb/sym dirb/sub/sym ext victimdir victimexp)
|
||||
ln -s .. dira/sub/dotdot
|
||||
ln -s ../sub dira/sub/dot
|
||||
ln -s dotdot/sub dira/sub/anotherdot
|
||||
ln -s ../victimdir dira/sym
|
||||
ln -s dotdot/../victimdir dira/sub/sym
|
||||
echo b1 >dirb/sym/file1
|
||||
echo b2 >dirb/sub/sym/file2
|
||||
echo v >victimdir/expected
|
||||
echo v >victimdir/file1
|
||||
echo v >victimdir/file2
|
||||
cp victimdir/* victimexp
|
||||
tar -cf a.tar -C dira sub sym
|
||||
tar -cf b.tar -C dirb sym/file1 sub/sym/file2
|
||||
tar -xf a.tar -C ext
|
||||
echo status1=$?
|
||||
tar -xf b.tar -C ext
|
||||
echo status2=$?
|
||||
diff victimdir victimexp
|
||||
],
|
||||
[],
|
||||
[status1=0
|
||||
status2=2
|
||||
],
|
||||
[tar: sym/file1: Cannot open: Invalid cross-device link
|
||||
tar: sub/sym/file2: Cannot open: Invalid cross-device link
|
||||
tar: Exiting with failure status due to previous errors
|
||||
])
|
||||
AT_CLEANUP
|
||||
@@ -357,6 +357,7 @@ m4_include([extrac27.at])
|
||||
m4_include([extrac28.at])
|
||||
m4_include([extrac29.at])
|
||||
m4_include([extrac30.at])
|
||||
m4_include([extrac31.at])
|
||||
|
||||
m4_include([backup01.at])
|
||||
|
||||
|
||||
Reference in New Issue
Block a user