This is the mail archive of the elfutils-devel@sourceware.org mailing list for the elfutils project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Directory traversal in `ar`

From: Alexander Cherepanov <cherepan at mccme dot ru>
To: elfutils-devel at lists dot fedorahosted dot org
Date: Sun, 28 Dec 2014 02:46:15 +0300
Subject: Directory traversal in `ar`

Hi!

There is a directory traversal in `ar`:

# printf '!<arch>\n%-48s%-10s`\n//file/\n%-48s%-10s`\n' // 8 /1 0 > test.a
# ar -xv test.a
x - /file

Patch attached.

-- 
Alexander Cherepanov

diff --git a/libelf/elf_begin.c b/libelf/elf_begin.c
index 947b0ed..ae1e712 100644
--- a/libelf/elf_begin.c
+++ b/libelf/elf_begin.c
@@ -749,10 +749,7 @@ read_long_names (Elf *elf)
 	    }
 
 	  /* NUL-terminate the string.  */
-	  *runp = '\0';
-
-	  /* Skip the NUL byte and the \012.  */
-	  runp += 2;
+	  *runp++ = '\0';
 
 	  /* A sanity check.  Somebody might have generated invalid
 	     archive.  */

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]